vulnrichment / GitHub_M / VULNRICHMENT:CVE-2024-29904
History: Mar 29, 2024 - 3:32 p.m.

CVE-2024-29904 CodeIgniter4 Language class DoS Vulnerability

2024-03-29 15:32:38
CWE-835
GitHub_M
github.com
3
codeigniter
php
vulnerability
language class
dos attacks
memory consumption
upgrade

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.7
Confidence: Low

SSVC

Exploitation: poc
Automatable: no
Technical Impact: partial

CodeIgniter is a PHP full-stack web framework. A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*"
    ],
    "vendor": "codeigniter",
    "product": "codeigniter",
    "versions": [
      {
        "status": "affected",
        "version": "4.0",
        "lessThan": "4.4.7",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
