PT-2024-23125 · Unknown · Codeigniter
Colethorsen · Published 2024-03-29 · Updated 2025-05-07
CVE-2024-29904
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
CodeIgniter versions prior to 4.4.7
Description
A vulnerability in the Language class allows denial-of-service (DoS) attacks: an attacker can exploit it to consume a large amount of memory on the server.
Recommendations
Upgrade to v4.4.7 or later.
As a temporary workaround, consider disabling Auto Routing to prevent a known attack vector in the framework.
Avoid passing invalid values to the lang() function or Language class.
Exploit
Fix
DoS
Uncontrolled Recursion
Infinite Loop
Affected Products
Codeigniter