[CRITICAL] yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key

PKSA-zmx9-v1jv-dy8s CVE-2024-58136 GHSA-ggwg-cmwp-46r5

Affected version: <2.0.52

Reported by:
GitHub

[HIGH] Unsafe Reflection in base Component class

PKSA-53mg-bvkk-zmbs CVE-2024-4990 GHSA-cjcc-p67m-7qxm

Affected version: <2.0.49.4

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] Reflected Cross-site Scripting in yiisoft/yii2 Debug mode

PKSA-wtwk-rjc8-8k5p CVE-2024-32877 GHSA-qg5r-95m4-mjgj

Affected version: >=2.0.43,<2.0.49.4

Reported by:
GitHub