Vulnerabilities > Yiiframework > YII > 2.0.48

DATE CVE VULNERABILITY TITLE RISK
2025-03-20 CVE-2024-4990 Unspecified vulnerability in Yiiframework YII 2.0.48
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration.
network
low complexity
yiiframework
critical
9.1