Conversation
New assessment for topic: CVE-2024-58136

Topic description: "Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. ..."

"On the April 9 2025, Yii released an advisory warning that Yii framework versions before `2.0.52` were susceptible to Unsafe Reflection, with this CVE essentially a patch bypass of `CVE-2024-4990` ..."

Link: https://attackerkb.com/assessments/e6d2c5ff-8653-41a3-acf1-882330960fe1
0
1
1