Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/04/12 12:1 a.m.64 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS7.2AI score0.84758EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2025/04/10 3:31 a.m.51 views

yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS7.1AI score0.84758EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2025/04/10 3:31 a.m.20 views

GHSA-GGWG-CMWP-46R5 yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS9.1AI score0.84758EPSS
Exploits1References9
NVD
NVD
added 2025/04/10 3:15 a.m.30 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS0.84758EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/04/10 12:0 a.m.82 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS0.84758EPSS
Exploits1References5
CVE
CVE
added 2025/04/10 12:0 a.m.331 views

CVE-2024-58136

CVE-2024-58136 describes an RCE risk in CraftCMS tied to Yii2 behavior injection via the fieldLayout JSON posted to assembleLayoutFromPost. The root cause is unfiltered user data passed to Craft::createObject() and a missing cleanseConfig() before using the fieldLayout config, permitting an attac...

9.8CVSS9AI score0.84758EPSS
In wildExploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 11:32 a.m.14 views

CVE-2024-4990

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

9.1CVSS7AI score0.7939EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.33 views

CVE-2024-4990

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

9.1CVSS0.7939EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.32 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS0.7939EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:11 a.m.4363 views

CVE-2024-4990

CVE-2024-4990 (Yii2

9.1CVSS8.1AI score0.7939EPSS
In wildExploits1References1Affected Software1
OSV
OSV
added 2025/03/20 10:11 a.m.15 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS7.6AI score0.7939EPSS
Exploits1References3
Rows per page
Query Builder