CVE-2024-29904

Опубликовано: 29 мар. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.

Ссылки

https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
Patch
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
Vendor Advisory
https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
Patch
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*

Версия до 4.4.7 (исключая)

EPSS

Процентиль: 68%

0.00569

Низкий

7.5 High

CVSS3

Дефекты

CWE-835

CWE-674

Связанные уязвимости

CVE-2024-29904

CVSS3: 7.5

debian

почти 2 года назад

CodeIgniter is a PHP full-stack web framework A vulnerability was foun ...

GHSA-39fp-mqmm-gxj6

CVSS3: 7.5

github

почти 2 года назад

CodeIgniter4 DoS Vulnerability

EPSS

Процентиль: 68%

0.00569

Низкий

7.5 High

CVSS3

Дефекты

CWE-835

CWE-674