GHSA-39fp-mqmm-gxj6

GitHub Security Advisory

CodeIgniter4 DoS Vulnerability

✓ GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

### Impact
A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server.

### Patches
Upgrade to v4.4.7 or later. See [upgrading guide](https://codeigniter4.github.io/userguide/installation/upgrade_447.html).

### Workarounds
- Disabling Auto Routing prevents a known attack vector in the framework.
- Do not pass invalid values to the `lang()` function or `Language` class.

### References
- https://codeigniter4.github.io/userguide/outgoing/localization.html#language-localization
- https://codeigniter4.github.io/userguide/general/common_functions.html#lang

Affected Packages

Packagist codeigniter4/framework
Affected versions: from 0 up to, but not including, 4.4.7 (fixed in 4.4.7)

Related CVEs

Key Information

GHSA ID: GHSA-39fp-mqmm-gxj6
Published: March 29, 2024 4:36 PM
Last Modified: May 7, 2025 6:49 PM
CVSS Score: 7.5/10
Primary Ecosystem: Packagist
Primary Package: codeigniter4/framework
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 19, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.