[HIGH] The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity

PKSA-w352-mtnh-r175 CVE-2018-6009 GHSA-cwhm-272p-3wj9

Affected package: yiisoft/yii2-dev

Affected version: <2.0.14

Reported by:
GitHub, FriendsOfPHP/security-advisories