yiisoft/yii2 Security Advisories for 2.0.33 (3)
-
[CRITICAL] yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key
PKSA-zmx9-v1jv-dy8s CVE-2024-58136 GHSA-ggwg-cmwp-46r5
Affected version: <2.0.52
Reported by:
GitHub -
[HIGH] Unsafe Reflection in base Component class
PKSA-53mg-bvkk-zmbs CVE-2024-4990 GHSA-cjcc-p67m-7qxm
Affected version: <2.0.49.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Possible remote code execution via unserialize() on user input containing specially crafted string
PKSA-qmd6-d7pz-yk89 CVE-2020-15148 GHSA-699q-wcff-g9mj
Affected version: <2.0.38
Reported by:
GitHub, FriendsOfPHP/security-advisories