Vulnerabilities > Yiiframework > YII > 2.0.48
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-10 | CVE-2024-58136 | Unspecified vulnerability in Yiiframework YII Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | 9.8 |
2025-03-20 | CVE-2024-4990 | Unspecified vulnerability in Yiiframework YII 2.0.48 In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. | 9.1 |