codeigniter4/framework Security Advisories for v4.2.0 (6)
-
[HIGH] CodeIgniter4 DoS Vulnerability
PKSA-j54j-8c7k-rccq CVE-2024-29904 GHSA-39fp-mqmm-gxj6
Affected version: <4.4.7
Reported by:
GitHub -
[HIGH] CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
PKSA-mscv-ktn8-2rsz CVE-2023-46240 GHSA-hwxf-qxj7-7rfj
Affected version: <=4.4.2
Reported by:
GitHub -
[CRITICAL] Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
PKSA-3xnc-9vd8-pd26 CVE-2023-32692 GHSA-m6m8-6gq8-c9fj
Affected version: <4.3.5
Reported by:
GitHub -
[HIGH] CVE-2022-23556: Attackers may spoof IP address when using proxy
PKSA-5qsc-rptw-773m CVE-2022-23556 GHSA-ghw3-5qvm-3mqc
Affected version: <4.2.11
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[HIGH] CVE-2022-46170: Potential Session Handlers Vulnerability
PKSA-fdn3-tjqj-tbrj CVE-2022-46170 GHSA-6cq5-8cj7-g558
Affected version: <4.2.11
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[LOW] CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4
PKSA-gdkx-2hq2-gzns CVE-2022-39284 GHSA-745p-r637-7vvp
Affected version: <4.2.7
Reported by:
FriendsOfPHP/security-advisories, GitHub