Lucene search

GitHub_MCVELIST:CVE-2024-29904

HistoryMar 29, 2024 - 3:32 p.m.

CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability

2024-03-2915:32:38

CWE-835

GitHub_M

www.cve.org

codeigniter

php

web framework

vulnerability

dos

memory consumption

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.

CNA Affected

[
  {
    "vendor": "codeigniter4",
    "product": "CodeIgniter4",
    "versions": [
      {
        "version": "< 4.4.7",
        "status": "affected"
      }
    ]
  }
]

References

github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0

github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-29904