codeigniter4/framework Security Advisories for v4.0.0-alpha.4 (11)
-
[HIGH] CodeIgniter4 DoS Vulnerability
PKSA-j54j-8c7k-rccq CVE-2024-29904 GHSA-39fp-mqmm-gxj6
Affected version: <4.4.7
Reported by:
GitHub -
[HIGH] CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
PKSA-mscv-ktn8-2rsz CVE-2023-46240 GHSA-hwxf-qxj7-7rfj
Affected version: <=4.4.2
Reported by:
GitHub -
[CRITICAL] Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
PKSA-3xnc-9vd8-pd26 CVE-2023-32692 GHSA-m6m8-6gq8-c9fj
Affected version: <4.3.5
Reported by:
GitHub -
[HIGH] CVE-2022-23556: Attackers may spoof IP address when using proxy
PKSA-5qsc-rptw-773m CVE-2022-23556 GHSA-ghw3-5qvm-3mqc
Affected version: <4.2.11
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] CVE-2022-46170: Potential Session Handlers Vulnerability
PKSA-fdn3-tjqj-tbrj CVE-2022-46170 GHSA-6cq5-8cj7-g558
Affected version: <4.2.11
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[LOW] CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4
PKSA-gdkx-2hq2-gzns CVE-2022-39284 GHSA-745p-r637-7vvp
Affected version: <4.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] CodeIgniter Improper Privilege Management
PKSA-65g7-hfqn-nn47 CVE-2020-10793 GHSA-jwqp-wh5g-4gmm
Affected version: <=4.0.0
Reported by:
GitHub -
[CRITICAL] CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4
PKSA-q6wy-cnms-5v5g CVE-2022-24711 GHSA-xjp4-6w75-qrj7
Affected version: <4.1.9
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
PKSA-kyt6-rr9s-bbsy CVE-2022-24712 GHSA-4v37-24gm-h554
Affected version: <4.1.9
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4
PKSA-nrxq-vnmr-47kd CVE-2022-21715 GHSA-7528-7jg5-6g62
Affected version: <4.1.8
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4
PKSA-tmzy-nc2k-32nq CVE-2022-21647 GHSA-w6jr-wj64-mc9x
Affected version: <4.1.6
Reported by:
FriendsOfPHP/security-advisories, GitHub