Vulnerabilities > Yiiframework > YII > 2.0.48

DATE CVE VULNERABILITY TITLE RISK
2025-04-10 CVE-2024-58136 Unspecified vulnerability in Yiiframework YII
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
network
low complexity
yiiframework
critical
 9.8
9.8
2025-03-20 CVE-2024-4990 Unspecified vulnerability in Yiiframework YII 2.0.48
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration.
network
low complexity
yiiframework
critical
 9.1
9.1