CVE-2024-29904
Published 2024-03-29
Priority: P3 (38) | high | 7.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.77% (51.1th percentile)
CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codeigniter | codeigniter | < 4.4.7 | 4.4.7 |
| codeigniter4 | codeigniter4 | < 4.4.7 | 4.4.7 |
| codeigniter4 | framework | >= 0 < 4.4.7 | 4.4.7 |
OSV
CodeIgniter4 DoS Vulnerability
osv·2024-03-29
CVE-2024-29904 [HIGH] CodeIgniter4 DoS Vulnerability
### Impact
A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server.
### Patches
Upgrade to v4.4.7 or later. See [upgrading guide](https://codeigniter4.github.io/userguide/installation/upgrade_447.html).
### Workarounds
- Disabling Auto Routing prevents a known attack vector in the framework.
- Do not pass invalid values to the `lang()` function or `Language` class.
### References
- https://codeigniter4.github.io/userguide/outgoing/localization.html#language-localization
- https://codeigniter4.github.io/userguide/general/common_functions.html#lang
GHSA
CodeIgniter4 DoS Vulnerability
ghsa·2024-03-29
CVE-2024-29904 [HIGH] CWE-674 CodeIgniter4 DoS Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
- https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6