Lucene search

[email protected]NVD:CVE-2024-29904

HistoryMar 29, 2024 - 4:15 p.m.

CVE-2024-29904

2024-03-2916:15:08

CWE-835

[email protected]

web.nvd.nist.gov

codeigniter

php

web framework

vulnerability

dos attack

upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.

References

github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0

github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-29904

github1 cvelist1 cve1 osv2 veracode1