CVE-2024-58136

Published April 10th, 2025

View on NVD ↗

CVSS v3

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

yiisoft/yii2

Yii 2: The Fast, Secure and Professional PHP Framework

GitHub

14.3K