Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/55151?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55151?format=api", "vulnerability_id": "VCID-nnt3-u39w-yqa9", "summary": "Unsafe Reflection in base Component class in yiisoft/yii2\nYii2 supports attaching Behaviors to Components by setting properties having the format `'as <behaviour-name>'`.\n\nInternally this is done using the `__set()` magic method. If the value passed to this method is not an instance of the `Behavior` class, a new object is instantiated using `Yii::createObject($value)`. However, there is no validation check that verifies that `$value` is a valid `Behavior` class name or configuration. An attacker that can control the content of the $value variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods.", "aliases": [ { "alias": "CVE-2024-4990" }, { "alias": "GHSA-cjcc-p67m-7qxm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81701?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.50", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.50" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/742639?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.39", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/742640?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.39.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/742641?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.39.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/742642?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.39.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/742643?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.40", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.40" }, { "url": "http://public2.vulnerablecode.io/api/packages/742644?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.41", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/742645?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.41.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.41.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/742646?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.42", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/742647?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.42.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.42.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/742648?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.44", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.44" }, { "url": "http://public2.vulnerablecode.io/api/packages/742649?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.45", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.45" }, { "url": "http://public2.vulnerablecode.io/api/packages/742650?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.46", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.46" }, { "url": "http://public2.vulnerablecode.io/api/packages/742651?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.48", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.48" }, { "url": "http://public2.vulnerablecode.io/api/packages/742652?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.48.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.48.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/742653?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.49", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49" }, { "url": "http://public2.vulnerablecode.io/api/packages/742654?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.49.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/742655?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.49.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/742656?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.49.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7h77-j38d-5khr" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/201119?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-hhby-y7fg-tqax" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0-alpha" }, { "url": "http://public2.vulnerablecode.io/api/packages/201120?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-hhby-y7fg-tqax" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/201121?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.0-rc", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-hhby-y7fg-tqax" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0-rc" }, { "url": "http://public2.vulnerablecode.io/api/packages/201122?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-hhby-y7fg-tqax" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/201123?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-hhby-y7fg-tqax" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/201124?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-hhby-y7fg-tqax" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/201125?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-hhby-y7fg-tqax" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/52276?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-uybn-p34d-pbga" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/52321?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/209370?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/209371?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/209372?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/209373?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/53393?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-mvyf-rrfg-xucc" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/53394?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/215492?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/215493?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.11.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.11.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/63495?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-v3nu-bzav-vfc8" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/217050?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-v3nu-bzav-vfc8" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/272445?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.12.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-v3nu-bzav-vfc8" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/63496?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/215494?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.13.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4xj7-j7qz-2kd2" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-x788-tu9q-byfu" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/217051?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.13.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/272446?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.13.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/54888?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/217052?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.14.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/217053?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" }, { "vulnerability": "VCID-y165-fy8y-2fcc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/55237?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/272447?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" }, { "vulnerability": "VCID-vf2s-s6dr-nqhf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.15.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62930?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/272448?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.16.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.16.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/272449?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/272450?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/272451?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/272452?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/272453?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.21", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/272454?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/272455?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/272456?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/272457?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.25", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.25" }, { "url": "http://public2.vulnerablecode.io/api/packages/272458?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.26" }, { "url": "http://public2.vulnerablecode.io/api/packages/272459?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.27", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.27" }, { "url": "http://public2.vulnerablecode.io/api/packages/272460?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.28" }, { "url": "http://public2.vulnerablecode.io/api/packages/272461?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/272462?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/272463?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/272464?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/272465?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/272466?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/272467?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/272468?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/272469?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.37", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-gwmb-kcz9-d7b9" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/78685?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.38", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.38" }, { "url": "http://public2.vulnerablecode.io/api/packages/513365?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.43", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7h77-j38d-5khr" }, { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.43" }, { "url": "http://public2.vulnerablecode.io/api/packages/134393?format=api", "purl": "pkg:composer/yiisoft/yii2@2.0.47", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7kx3-sxex-f7dz" }, { "vulnerability": "VCID-nnt3-u39w-yqa9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.47" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4990", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42025", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4990" }, { "reference_url": "https://github.com/yiisoft/yii2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yiisoft/yii2" }, { "reference_url": "https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024" }, { "reference_url": "https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e" }, { "reference_url": "https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4" }, { "reference_url": "https://github.com/yiisoft/yii2/pull/20183", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yiisoft/yii2/pull/20183" }, { "reference_url": "https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T13:30:40Z/" } ], "url": "https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4990", "reference_id": "CVE-2024-4990", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4990" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml", "reference_id": "CVE-2024-4990.YAML", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-cjcc-p67m-7qxm", "reference_id": "GHSA-cjcc-p67m-7qxm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjcc-p67m-7qxm" }, { "reference_url": "https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm", "reference_id": "GHSA-cjcc-p67m-7qxm", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm" } ], "weaknesses": [ { "cwe_id": 470, "name": "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')", "description": "The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnt3-u39w-yqa9" }