Security Advisories - codeigniter4/framework - Packagist

codeigniter4/framework Security Advisories for v4.0.0-alpha.3 (11)

[HIGH] CodeIgniter4 DoS Vulnerability

PKSA-j54j-8c7k-rccq CVE-2024-29904 GHSA-39fp-mqmm-gxj6

Affected version: <4.4.7

Reported by:
GitHub
[HIGH] CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment

PKSA-mscv-ktn8-2rsz CVE-2023-46240 GHSA-hwxf-qxj7-7rfj

Affected version: <=4.4.2

Reported by:
GitHub
[CRITICAL] Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

PKSA-3xnc-9vd8-pd26 CVE-2023-32692 GHSA-m6m8-6gq8-c9fj

Affected version: <4.3.5

Reported by:
GitHub
[HIGH] CVE-2022-23556: Attackers may spoof IP address when using proxy

PKSA-5qsc-rptw-773m CVE-2022-23556 GHSA-ghw3-5qvm-3mqc

Affected version: <4.2.11

Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] CVE-2022-46170: Potential Session Handlers Vulnerability

PKSA-fdn3-tjqj-tbrj CVE-2022-46170 GHSA-6cq5-8cj7-g558

Affected version: <4.2.11

Reported by:
FriendsOfPHP/security-advisories, GitHub
[LOW] CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4

PKSA-gdkx-2hq2-gzns CVE-2022-39284 GHSA-745p-r637-7vvp

Affected version: <4.2.7

Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] CodeIgniter Improper Privilege Management

PKSA-65g7-hfqn-nn47 CVE-2020-10793 GHSA-jwqp-wh5g-4gmm

Affected version: <=4.0.0

Reported by:
GitHub
[CRITICAL] CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4

PKSA-q6wy-cnms-5v5g CVE-2022-24711 GHSA-xjp4-6w75-qrj7

Affected version: <4.1.9

Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4

PKSA-kyt6-rr9s-bbsy CVE-2022-24712 GHSA-4v37-24gm-h554

Affected version: <4.1.9

Reported by:
FriendsOfPHP/security-advisories, GitHub
[MEDIUM] CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4

PKSA-nrxq-vnmr-47kd CVE-2022-21715 GHSA-7528-7jg5-6g62

Affected version: <4.1.8

Reported by:
FriendsOfPHP/security-advisories, GitHub
[HIGH] CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4

PKSA-tmzy-nc2k-32nq CVE-2022-21647 GHSA-w6jr-wj64-mc9x

Affected version: <4.1.6

Reported by:
FriendsOfPHP/security-advisories, GitHub