GitHub Advisory Database: GHSA-39FP-MQMM-GXJ6
Published: Mar 29, 2024, 4:36 p.m.

CodeIgniter4 DoS Vulnerability

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Tags: codeigniter, dos, vulnerability, upgrade, auto routing, memory, attack, server, patch, language localization

CVSS 3.1 base score: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  Attack Vector:          Network
  Attack Complexity:      Low
  Privileges Required:    None
  User Interaction:       None
  Scope:                  Unchanged
  Confidentiality Impact: None
  Integrity Impact:       None
  Availability Impact:    High

AI Score: 7 (High), confidence High
EPSS: 0.0004 (Low), percentile 9.2%

Impact

A vulnerability in the Language class allows denial-of-service attacks: an unauthenticated attacker can make the server consume a large amount of memory. The classification above, CWE-835 (a loop with an unreachable exit condition), indicates that the memory is consumed by a loop that does not terminate, and the CVSS vector (network, no privileges, no user interaction, availability impact only) reflects a remotely triggerable exhaustion of the PHP worker with no confidentiality or integrity impact.

Patches

Upgrade to v4.4.7 or later; see the CodeIgniter 4.4.7 upgrading guide.

Workarounds

  • Disabling Auto Routing removes the known attack vector within the framework itself. It does not fix the Language class, so application code that forwards user-controlled input to lang() remains exposed.
  • Do not pass invalid values to the lang() function or to the Language class directly; in practice this means never forwarding unvalidated user input as a language key.
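
A guard implementing the second workaround, added here as an example; it is not code from the advisory or from the CodeIgniter project. It assumes that a legitimate key looks like `File.key` or `File.key.subkey`, that `File` must name an existing file under `app/Language/<locale>/`, and that anything else is rejected before `lang()` is called; the 128-byte cap, the demo language directory and the sample keys are also this example's own choices.

```php
<?php
// Added example, not CodeIgniter's own code: validate a language key before it
// reaches lang() / the Language class, per the workaround above.
// Assumptions (this example's, not the advisory's): a valid key is
// File.key[.subkey...] made of identifier segments, File names a real language
// file for the locale, and keys longer than 128 bytes are never legitimate.

declare(strict_types=1);

/**
 * Return true only for keys that are safe to hand to lang().
 *
 * @param string $line        Candidate key, e.g. "Validation.required"
 * @param string $languageDir Directory holding <locale>/<File>.php, e.g. APPPATH . 'Language'
 * @param string $locale      Locale sub-directory to check, e.g. "en"
 */
function isSafeLangKey(string $line, string $languageDir, string $locale = 'en'): bool
{
    // Hard length cap first, so the regex never runs on huge inputs.
    if (strlen($line) > 128) {
        return false;
    }

    // Each dot-separated segment must be a plain identifier. This rejects empty
    // segments ("Foo..bar", ".bar", "Foo."), whitespace, slashes and keys without
    // a file prefix; plain-text lines without a dot are deliberately refused here.
    if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)+$/', $line) !== 1) {
        return false;
    }

    // The first segment is the language file; it must exist for this locale.
    $file = strstr($line, '.', true);

    return is_file($languageDir . '/' . $locale . '/' . $file . '.php');
}

// Constructed demo: a throw-away language directory with one file, so the check
// can be exercised without a CodeIgniter installation.
$tmp = sys_get_temp_dir() . '/ci4-lang-demo-' . getmypid();
mkdir($tmp . '/en', 0700, true);
file_put_contents(
    $tmp . '/en/Validation.php',
    "<?php\nreturn ['required' => 'The {field} field is required.'];\n"
);

$candidates = [
    'Validation.required',       // ok: known file, identifier key
    'Validation.nested.key',     // ok: nested keys are allowed
    'Validation..required',      // rejected: empty segment
    '.required',                 // rejected: empty file part
    'Missing.key',               // rejected: no such language file
    str_repeat('a', 200) . '.b', // rejected: over the length cap
];

foreach ($candidates as $key) {
    $shown = strlen($key) > 24 ? substr($key, 0, 21) . '...' : $key;
    printf("%-24s %s\n", $shown, isSafeLangKey($key, $tmp) ? 'ok' : 'rejected');
}

// Clean up the demo directory.
unlink($tmp . '/en/Validation.php');
rmdir($tmp . '/en');
rmdir($tmp);
```

In application code, call `lang($key, $args)` only when `isSafeLangKey($key, APPPATH . 'Language', $locale)` returns true, and fall back to a fixed, trusted key otherwise. For the first workaround, auto routing is controlled by the `$autoRoute` property of `app/Config/Routing.php` on 4.4.x (set it to `false`); older 4.x releases use `$routes->setAutoRoute(false)` in `app/Config/Routes.php`.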

Affected configurations

Source   Product                  Operator   Version
Vulners  codeigniter4/framework   range      < 4.4.7
CPE      codeigniter4/framework   lt         4.4.7
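
A check for the affected range above, added here as an example and not part of the advisory or the CodeIgniter project. It reads the locked `codeigniter4/framework` version from `composer.lock` and, for installs made without Composer, the `CI_VERSION` constant in `system/CodeIgniter.php`, then compares against 4.4.7. The sample lock file and source fragment at the bottom are constructed for the demo.

```php
<?php
// Added example, not part of the advisory or the CodeIgniter project: decide
// whether an installed codeigniter4/framework falls inside the affected range
// "< 4.4.7" listed above. Two sources are checked: composer.lock (Composer
// installs) and the CI_VERSION constant in system/CodeIgniter.php (manual
// installs). The sample inputs at the bottom are constructed for the demo.

declare(strict_types=1);

const FIXED_VERSION = '4.4.7';
const PACKAGE_NAME  = 'codeigniter4/framework';

/**
 * Normalise a version string for version_compare(). Composer writes tags as
 * "v4.4.6", and version_compare() ranks a leading "v" below any number, so
 * comparing it unstripped would report every tagged release as affected.
 */
function normalizeVersion(string $version): string
{
    return ltrim(trim($version), 'vV');
}

/** True when $version is strictly older than the first fixed release. */
function isAffected(string $version): bool
{
    return version_compare(normalizeVersion($version), FIXED_VERSION, '<');
}

/** Locked version of codeigniter4/framework from composer.lock JSON, or null if absent. */
function versionFromComposerLock(string $lockJson): ?string
{
    $lock = json_decode($lockJson, true);
    if (! is_array($lock)) {
        return null;
    }

    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $package) {
            if (($package['name'] ?? null) === PACKAGE_NAME && isset($package['version'])) {
                return (string) $package['version'];
            }
        }
    }

    return null;
}

/** CI_VERSION from the source of system/CodeIgniter.php, or null if not found. */
function versionFromCodeIgniterPhp(string $source): ?string
{
    if (preg_match("/const\\s+CI_VERSION\\s*=\\s*'([^']+)'/", $source, $m) === 1) {
        return $m[1];
    }

    return null;
}

// Constructed sample inputs (not taken from a real installation).
$sampleLock = json_encode([
    'packages' => [
        ['name' => 'psr/log', 'version' => '3.0.0'],
        ['name' => PACKAGE_NAME, 'version' => 'v4.4.6'],
    ],
    'packages-dev' => [],
]);
$sampleSource = "<?php\nclass CodeIgniter\n{\n    public const CI_VERSION = '4.4.7';\n}\n";

foreach ([versionFromComposerLock($sampleLock), versionFromCodeIgniterPhp($sampleSource)] as $found) {
    $verdict = ($found !== null && isAffected($found)) ? 'AFFECTED, upgrade to 4.4.7 or later' : 'not affected';
    printf("%-8s -> %s\n", $found ?? 'unknown', $verdict);
}
```

Against a real deployment, feed `file_get_contents('composer.lock')` and `file_get_contents('vendor/codeigniter4/framework/system/CodeIgniter.php')` to the two functions. The `v` handling in `normalizeVersion()` is the part that matters: without it `version_compare('v4.4.8', '4.4.7', '<')` is true, so a patched tagged release would be flagged as affected.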
