CVE-2024-29904

2024-03-2916:15:08

CWE-835

[email protected]

web.nvd.nist.gov

codeigniter

php

web framework

language class

vulnerability

dos attacks

upgrade

v4.4.7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.

Affected configurations

Vulners

Node

codeigniter4codeigniter4Range<4.4.7

CNA Affected

[
  {
    "vendor": "codeigniter4",
    "product": "CodeIgniter4",
    "versions": [
      {
        "version": "< 4.4.7",
        "status": "affected"
      }
    ]
  }
]