CVE-2024-58136 Information

Description

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key a CVE-2024-4990 regression as exploited in the wild in February through April 2025.

Reference

https://github.com/yiisoft/yii2/commit/40fe496eda529fd1d933b56a1022ec32d3cd0b12 https://github.com/yiisoft/yii2/compare/2.0.51…2.0.52 https://github.com/yiisoft/yii2/pull/20232 https://github.com/yiisoft/yii2/pull/20232#issuecomment-2252459709 https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52