Yii · Yii2 · CVE-2020-15148
**Name of the Vulnerable Software and Affected Versions**
Yii 2 (yiisoft/yii2) versions prior to 2.0.38
**Description**
The issue is unsafe deserialization: untrusted data structures are restored in memory, potentially allowing a remote attacker to execute arbitrary code. This can occur if the application calls `unserialize()` on arbitrary user input. The estimated number of potentially affected devices is not provided.
**Recommendations**
For versions prior to 2.0.38, update to version 2.0.38 to resolve the issue.
As a temporary workaround without upgrading, add the following code to BatchQueryResult.php:
```php
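// Magic method invoked by serialize(); refuse to serialize this class.
public function __sleep()
{
    throw new \BadMethodCallException('Cannot serialize ' . __CLASS__);
}

// Magic method invoked by unserialize(); refuse to restore this class from input.
public function __wakeup()
{
    throw new \BadMethodCallException('Cannot unserialize ' . __CLASS__);
}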
```
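
The following added example (not code from Yii or from the advisory) shows how the guard above behaves and how an application can additionally refuse to instantiate classes from input. `GuardedResultSet` is a hypothetical stand-in class and `$payload` is a constructed, property-less serialized object.

```php
<?php
// Hypothetical stand-in class carrying the same guard as the workaround;
// it is not Yii's BatchQueryResult.
final class GuardedResultSet
{
    public function __sleep()
    {
        throw new \BadMethodCallException('Cannot serialize ' . __CLASS__);
    }

    public function __wakeup()
    {
        throw new \BadMethodCallException('Cannot unserialize ' . __CLASS__);
    }
}

// Constructed input: a serialized instance of the stand-in class with no properties.
$payload = 'O:16:"GuardedResultSet":0:{}';

// 1. Class-level guard: unserialize() calls __wakeup(), which aborts the restore.
try {
    unserialize($payload);
    echo "unserialize: object restored, guard missing\n";
} catch (\BadMethodCallException $e) {
    echo "unserialize blocked: ", $e->getMessage(), "\n";
}

// 2. The same guard on the way out: serialize() calls __sleep().
try {
    serialize(new GuardedResultSet());
    echo "serialize: object written, guard missing\n";
} catch (\BadMethodCallException $e) {
    echo "serialize blocked: ", $e->getMessage(), "\n";
}

// 3. Application-level defence: with allowed_classes=false, PHP instantiates
//    no user-defined class at all. Objects in the input come back as
//    __PHP_Incomplete_Class and their magic methods never run.
$value = unserialize($payload, ['allowed_classes' => false]);
echo "allowed_classes=false yields: ", get_class($value), "\n";
```

The class-level guard protects only the class it is added to; passing `allowed_classes` (or not calling `unserialize()` on user input at all) covers every class the application loads.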