Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-nnt3-u39w-yqa9
Summary
Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format `'as <behaviour-name>'`.

Internally this is done using the `__set()` magic method. If the value passed to this method is not an instance of the `Behavior` class, a new object is instantiated using `Yii::createObject($value)`. However, there is no validation check that verifies that `$value` is a valid `Behavior` class name or configuration. An attacker that can control the content of the $value variable can then instantiate arbitrary classes, passing parameters to their constructors and then invoking setter methods.
Aliases
0
alias CVE-2024-4990
1
alias GHSA-cjcc-p67m-7qxm
Fixed_packages
0
url pkg:composer/yiisoft/yii2@2.0.50
purl pkg:composer/yiisoft/yii2@2.0.50
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.50
Affected_packages
0
url pkg:composer/yiisoft/yii2@2.0.0-alpha
purl pkg:composer/yiisoft/yii2@2.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-hhby-y7fg-tqax
4
vulnerability VCID-mvyf-rrfg-xucc
5
vulnerability VCID-nnt3-u39w-yqa9
6
vulnerability VCID-uybn-p34d-pbga
7
vulnerability VCID-vf2s-s6dr-nqhf
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0-alpha
1
url pkg:composer/yiisoft/yii2@2.0.0-beta
purl pkg:composer/yiisoft/yii2@2.0.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-hhby-y7fg-tqax
4
vulnerability VCID-mvyf-rrfg-xucc
5
vulnerability VCID-nnt3-u39w-yqa9
6
vulnerability VCID-uybn-p34d-pbga
7
vulnerability VCID-vf2s-s6dr-nqhf
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0-beta
2
url pkg:composer/yiisoft/yii2@2.0.0-rc
purl pkg:composer/yiisoft/yii2@2.0.0-rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-hhby-y7fg-tqax
4
vulnerability VCID-mvyf-rrfg-xucc
5
vulnerability VCID-nnt3-u39w-yqa9
6
vulnerability VCID-uybn-p34d-pbga
7
vulnerability VCID-vf2s-s6dr-nqhf
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0-rc
3
url pkg:composer/yiisoft/yii2@2.0.0
purl pkg:composer/yiisoft/yii2@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-hhby-y7fg-tqax
4
vulnerability VCID-mvyf-rrfg-xucc
5
vulnerability VCID-nnt3-u39w-yqa9
6
vulnerability VCID-uybn-p34d-pbga
7
vulnerability VCID-vf2s-s6dr-nqhf
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.0
4
url pkg:composer/yiisoft/yii2@2.0.1
purl pkg:composer/yiisoft/yii2@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-hhby-y7fg-tqax
4
vulnerability VCID-mvyf-rrfg-xucc
5
vulnerability VCID-nnt3-u39w-yqa9
6
vulnerability VCID-uybn-p34d-pbga
7
vulnerability VCID-vf2s-s6dr-nqhf
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.1
5
url pkg:composer/yiisoft/yii2@2.0.2
purl pkg:composer/yiisoft/yii2@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-hhby-y7fg-tqax
4
vulnerability VCID-mvyf-rrfg-xucc
5
vulnerability VCID-nnt3-u39w-yqa9
6
vulnerability VCID-uybn-p34d-pbga
7
vulnerability VCID-vf2s-s6dr-nqhf
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.2
6
url pkg:composer/yiisoft/yii2@2.0.3
purl pkg:composer/yiisoft/yii2@2.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-hhby-y7fg-tqax
4
vulnerability VCID-mvyf-rrfg-xucc
5
vulnerability VCID-nnt3-u39w-yqa9
6
vulnerability VCID-uybn-p34d-pbga
7
vulnerability VCID-vf2s-s6dr-nqhf
8
vulnerability VCID-x788-tu9q-byfu
9
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.3
7
url pkg:composer/yiisoft/yii2@2.0.4
purl pkg:composer/yiisoft/yii2@2.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-uybn-p34d-pbga
6
vulnerability VCID-vf2s-s6dr-nqhf
7
vulnerability VCID-x788-tu9q-byfu
8
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.4
8
url pkg:composer/yiisoft/yii2@2.0.5
purl pkg:composer/yiisoft/yii2@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.5
9
url pkg:composer/yiisoft/yii2@2.0.6
purl pkg:composer/yiisoft/yii2@2.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.6
10
url pkg:composer/yiisoft/yii2@2.0.7
purl pkg:composer/yiisoft/yii2@2.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.7
11
url pkg:composer/yiisoft/yii2@2.0.8
purl pkg:composer/yiisoft/yii2@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.8
12
url pkg:composer/yiisoft/yii2@2.0.9
purl pkg:composer/yiisoft/yii2@2.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.9
13
url pkg:composer/yiisoft/yii2@2.0.10
purl pkg:composer/yiisoft/yii2@2.0.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-mvyf-rrfg-xucc
4
vulnerability VCID-nnt3-u39w-yqa9
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.10
14
url pkg:composer/yiisoft/yii2@2.0.11
purl pkg:composer/yiisoft/yii2@2.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-nnt3-u39w-yqa9
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-x788-tu9q-byfu
6
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.11
15
url pkg:composer/yiisoft/yii2@2.0.11.1
purl pkg:composer/yiisoft/yii2@2.0.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-nnt3-u39w-yqa9
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-x788-tu9q-byfu
6
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.11.1
16
url pkg:composer/yiisoft/yii2@2.0.11.2
purl pkg:composer/yiisoft/yii2@2.0.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-nnt3-u39w-yqa9
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-x788-tu9q-byfu
6
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.11.2
17
url pkg:composer/yiisoft/yii2@2.0.12
purl pkg:composer/yiisoft/yii2@2.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-nnt3-u39w-yqa9
4
vulnerability VCID-v3nu-bzav-vfc8
5
vulnerability VCID-vf2s-s6dr-nqhf
6
vulnerability VCID-x788-tu9q-byfu
7
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12
18
url pkg:composer/yiisoft/yii2@2.0.12.1
purl pkg:composer/yiisoft/yii2@2.0.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-v3nu-bzav-vfc8
4
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12.1
19
url pkg:composer/yiisoft/yii2@2.0.12.2
purl pkg:composer/yiisoft/yii2@2.0.12.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-v3nu-bzav-vfc8
4
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.12.2
20
url pkg:composer/yiisoft/yii2@2.0.13
purl pkg:composer/yiisoft/yii2@2.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-nnt3-u39w-yqa9
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-x788-tu9q-byfu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13
21
url pkg:composer/yiisoft/yii2@2.0.13.1
purl pkg:composer/yiisoft/yii2@2.0.13.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4xj7-j7qz-2kd2
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-gwmb-kcz9-d7b9
3
vulnerability VCID-nnt3-u39w-yqa9
4
vulnerability VCID-vf2s-s6dr-nqhf
5
vulnerability VCID-x788-tu9q-byfu
6
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13.1
22
url pkg:composer/yiisoft/yii2@2.0.13.2
purl pkg:composer/yiisoft/yii2@2.0.13.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13.2
23
url pkg:composer/yiisoft/yii2@2.0.13.3
purl pkg:composer/yiisoft/yii2@2.0.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.13.3
24
url pkg:composer/yiisoft/yii2@2.0.14
purl pkg:composer/yiisoft/yii2@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14
25
url pkg:composer/yiisoft/yii2@2.0.14.1
purl pkg:composer/yiisoft/yii2@2.0.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14.1
26
url pkg:composer/yiisoft/yii2@2.0.14.2
purl pkg:composer/yiisoft/yii2@2.0.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
4
vulnerability VCID-y165-fy8y-2fcc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.14.2
27
url pkg:composer/yiisoft/yii2@2.0.15
purl pkg:composer/yiisoft/yii2@2.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.15
28
url pkg:composer/yiisoft/yii2@2.0.15.1
purl pkg:composer/yiisoft/yii2@2.0.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
3
vulnerability VCID-vf2s-s6dr-nqhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.15.1
29
url pkg:composer/yiisoft/yii2@2.0.16
purl pkg:composer/yiisoft/yii2@2.0.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.16
30
url pkg:composer/yiisoft/yii2@2.0.16.1
purl pkg:composer/yiisoft/yii2@2.0.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.16.1
31
url pkg:composer/yiisoft/yii2@2.0.17
purl pkg:composer/yiisoft/yii2@2.0.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.17
32
url pkg:composer/yiisoft/yii2@2.0.18
purl pkg:composer/yiisoft/yii2@2.0.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.18
33
url pkg:composer/yiisoft/yii2@2.0.19
purl pkg:composer/yiisoft/yii2@2.0.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.19
34
url pkg:composer/yiisoft/yii2@2.0.20
purl pkg:composer/yiisoft/yii2@2.0.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.20
35
url pkg:composer/yiisoft/yii2@2.0.21
purl pkg:composer/yiisoft/yii2@2.0.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.21
36
url pkg:composer/yiisoft/yii2@2.0.22
purl pkg:composer/yiisoft/yii2@2.0.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.22
37
url pkg:composer/yiisoft/yii2@2.0.23
purl pkg:composer/yiisoft/yii2@2.0.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.23
38
url pkg:composer/yiisoft/yii2@2.0.24
purl pkg:composer/yiisoft/yii2@2.0.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.24
39
url pkg:composer/yiisoft/yii2@2.0.25
purl pkg:composer/yiisoft/yii2@2.0.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.25
40
url pkg:composer/yiisoft/yii2@2.0.26
purl pkg:composer/yiisoft/yii2@2.0.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.26
41
url pkg:composer/yiisoft/yii2@2.0.27
purl pkg:composer/yiisoft/yii2@2.0.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.27
42
url pkg:composer/yiisoft/yii2@2.0.28
purl pkg:composer/yiisoft/yii2@2.0.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.28
43
url pkg:composer/yiisoft/yii2@2.0.29
purl pkg:composer/yiisoft/yii2@2.0.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.29
44
url pkg:composer/yiisoft/yii2@2.0.30
purl pkg:composer/yiisoft/yii2@2.0.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.30
45
url pkg:composer/yiisoft/yii2@2.0.31
purl pkg:composer/yiisoft/yii2@2.0.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.31
46
url pkg:composer/yiisoft/yii2@2.0.32
purl pkg:composer/yiisoft/yii2@2.0.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.32
47
url pkg:composer/yiisoft/yii2@2.0.33
purl pkg:composer/yiisoft/yii2@2.0.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.33
48
url pkg:composer/yiisoft/yii2@2.0.34
purl pkg:composer/yiisoft/yii2@2.0.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.34
49
url pkg:composer/yiisoft/yii2@2.0.35
purl pkg:composer/yiisoft/yii2@2.0.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.35
50
url pkg:composer/yiisoft/yii2@2.0.36
purl pkg:composer/yiisoft/yii2@2.0.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.36
51
url pkg:composer/yiisoft/yii2@2.0.37
purl pkg:composer/yiisoft/yii2@2.0.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-gwmb-kcz9-d7b9
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.37
52
url pkg:composer/yiisoft/yii2@2.0.38
purl pkg:composer/yiisoft/yii2@2.0.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.38
53
url pkg:composer/yiisoft/yii2@2.0.39
purl pkg:composer/yiisoft/yii2@2.0.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39
54
url pkg:composer/yiisoft/yii2@2.0.39.1
purl pkg:composer/yiisoft/yii2@2.0.39.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39.1
55
url pkg:composer/yiisoft/yii2@2.0.39.2
purl pkg:composer/yiisoft/yii2@2.0.39.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39.2
56
url pkg:composer/yiisoft/yii2@2.0.39.3
purl pkg:composer/yiisoft/yii2@2.0.39.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.39.3
57
url pkg:composer/yiisoft/yii2@2.0.40
purl pkg:composer/yiisoft/yii2@2.0.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.40
58
url pkg:composer/yiisoft/yii2@2.0.41
purl pkg:composer/yiisoft/yii2@2.0.41
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.41
59
url pkg:composer/yiisoft/yii2@2.0.41.1
purl pkg:composer/yiisoft/yii2@2.0.41.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.41.1
60
url pkg:composer/yiisoft/yii2@2.0.42
purl pkg:composer/yiisoft/yii2@2.0.42
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.42
61
url pkg:composer/yiisoft/yii2@2.0.42.1
purl pkg:composer/yiisoft/yii2@2.0.42.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.42.1
62
url pkg:composer/yiisoft/yii2@2.0.43
purl pkg:composer/yiisoft/yii2@2.0.43
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7h77-j38d-5khr
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.43
63
url pkg:composer/yiisoft/yii2@2.0.44
purl pkg:composer/yiisoft/yii2@2.0.44
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.44
64
url pkg:composer/yiisoft/yii2@2.0.45
purl pkg:composer/yiisoft/yii2@2.0.45
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.45
65
url pkg:composer/yiisoft/yii2@2.0.46
purl pkg:composer/yiisoft/yii2@2.0.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.46
66
url pkg:composer/yiisoft/yii2@2.0.47
purl pkg:composer/yiisoft/yii2@2.0.47
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.47
67
url pkg:composer/yiisoft/yii2@2.0.48
purl pkg:composer/yiisoft/yii2@2.0.48
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.48
68
url pkg:composer/yiisoft/yii2@2.0.48.1
purl pkg:composer/yiisoft/yii2@2.0.48.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.48.1
69
url pkg:composer/yiisoft/yii2@2.0.49
purl pkg:composer/yiisoft/yii2@2.0.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49
70
url pkg:composer/yiisoft/yii2@2.0.49.1
purl pkg:composer/yiisoft/yii2@2.0.49.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49.1
71
url pkg:composer/yiisoft/yii2@2.0.49.2
purl pkg:composer/yiisoft/yii2@2.0.49.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7kx3-sxex-f7dz
1
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49.2
72
url pkg:composer/yiisoft/yii2@2.0.49.3
purl pkg:composer/yiisoft/yii2@2.0.49.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7h77-j38d-5khr
1
vulnerability VCID-7kx3-sxex-f7dz
2
vulnerability VCID-nnt3-u39w-yqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2@2.0.49.3
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4990
reference_id
reference_type
scores
0
value 0.002
scoring_system epss
scoring_elements 0.42035
published_at 2026-06-06T12:55:00Z
1
value 0.002
scoring_system epss
scoring_elements 0.42025
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4990
1
reference_url https://github.com/yiisoft/yii2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2
2
reference_url https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024
3
reference_url https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e
4
reference_url https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4
5
reference_url https://github.com/yiisoft/yii2/pull/20183
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/pull/20183
6
reference_url https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-03-20T13:30:40Z/
url https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4990
reference_id CVE-2024-4990
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4990
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml
reference_id CVE-2024-4990.YAML
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml
9
reference_url https://github.com/advisories/GHSA-cjcc-p67m-7qxm
reference_id GHSA-cjcc-p67m-7qxm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjcc-p67m-7qxm
10
reference_url https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm
reference_id GHSA-cjcc-p67m-7qxm
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm
Weaknesses
0
cwe_id 470
name Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
description The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-nnt3-u39w-yqa9