Security Advisories - yiisoft/yii2 - Packagist

yiisoft/yii2 Security Advisories for 2.0.14.1 (5)

[CRITICAL] yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key

PKSA-zmx9-v1jv-dy8s CVE-2024-58136 GHSA-ggwg-cmwp-46r5

Affected version: <2.0.52

Reported by:
GitHub
[HIGH] Unsafe Reflection in base Component class

PKSA-53mg-bvkk-zmbs CVE-2024-4990 GHSA-cjcc-p67m-7qxm

Affected version: <2.0.49.4

Reported by:
GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Yii Incorrectly Implements CORS

PKSA-9gg1-dnxr-781q CVE-2018-20745 GHSA-cr6r-6xm9-ww22

Affected version: <2.0.16

Reported by:
GitHub
[HIGH] Possible remote code execution via unserialize() on user input containing specially crafted string

PKSA-qmd6-d7pz-yk89 CVE-2020-15148 GHSA-699q-wcff-g9mj

Affected version: <2.0.38

Reported by:
GitHub, FriendsOfPHP/security-advisories
Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()`

PKSA-hb8b-2qmh-yv87 CVE-2018-7269

Affected version: <2.0.12.1|>=2.0.13,<2.0.13.2|>=2.0.14,<2.0.15

Reported by:
FriendsOfPHP/security-advisories