Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-4990

Date: March 20, 2025

Unsafe Reflection in base Component class in yiisoft/yii2.

Language: PHP

Severity Score

Related Resources (10)

https://github.com/yiisoft/yii2/commit/628d406bfafb80fc32147837888c0057d89a021e
https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f
https://github.com/yiisoft/yii2/security/advisories/GHSA-cjcc-p67m-7qxm
https://nvd.nist.gov/vuln/detail/CVE-2024-4990
https://github.com/yiisoft/yii2/commit/62d081f18c3602d09e7d075bba3a0ca5c313f0b4
https://github.com/yiisoft/yii2
https://github.com/yiisoft/yii2/pull/20183
https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2024-4990.yaml
https://github.com/yiisoft/yii2/blob/master/framework/CHANGELOG.md#2050-may-30-2024
https://www.mend.io/vulnerability-database/CVE-2024-4990

Severity Score

Weakness Type (CWE)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

CWE-470

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us