First published: Fri Mar 29 2024

### Impact

A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server.

### Patches

Upgrade to v4.4.7 or later. See [upgrading guide](https://codeigniter4.github.io/userguide/installation/upgrade_447.html).

### Workarounds

- Disabling Auto Routing prevents a known attack vector in the framework.
- Do not pass invalid values to the `lang()` function or `Language` class.

### References

- https://codeigniter4.github.io/userguide/outgoing/localization.html#language-localization
- https://codeigniter4.github.io/userguide/general/common_functions.html#lang

Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/codeigniter4/framework | <4.4.7 | 4.4.7 |
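
One way to apply the second workaround when request-derived values reach `lang()`, as an added example that is not part of the advisory or the framework. The advisory does not define which values are invalid, so this assumes the application only needs short `File.key` references into known language files; the allowlists, `checked_lang_key()` and `safe_lang()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumed for this example: the language files the application ships under
// app/Language/{locale}/ and the locales it supports. Constructed values.
const ALLOWED_LANG_FILES = ['Errors', 'Shop'];
const ALLOWED_LOCALES    = ['en', 'de'];
const MAX_KEY_LENGTH     = 64;

/** Return $key if it is a short "File.key" reference into an allowlisted file, else null. */
function checked_lang_key($key): ?string
{
    if (! is_string($key) || strlen($key) > MAX_KEY_LENGTH) {
        return null; // arrays, null, oversized strings
    }
    // \A...\z anchors the whole string; only letters, digits, "_" and "." separators.
    if (preg_match('/\A([A-Za-z][A-Za-z0-9_]*)(?:\.[A-Za-z0-9_]+)+\z/', $key, $m) !== 1) {
        return null;
    }
    return in_array($m[1], ALLOWED_LANG_FILES, true) ? $key : null;
}

/** Translate request-derived input, falling back to a fixed string when a check fails. */
function safe_lang($key, array $args = [], $locale = null, string $fallback = ''): string
{
    $key = checked_lang_key($key);
    if ($key === null || ($locale !== null && ! in_array($locale, ALLOWED_LOCALES, true))) {
        return $fallback;
    }
    if (! function_exists('lang')) {
        return $key; // outside CodeIgniter (stand-alone run): echo the checked key
    }
    $line = lang($key, $args, $locale); // CodeIgniter helper: string or list of strings
    return is_string($line) ? $line : $fallback;
}

// Constructed inputs, as they might arrive from a query string.
$samples = ['Shop.cart.empty', 'Errors.notFound', 'Unknown.key', '../Shop.x', str_repeat('A', 5000) . '.x', ['Shop.x']];
foreach ($samples as $input) {
    $label = is_string($input) ? substr($input, 0, 20) : gettype($input);
    printf("%-22s => %s\n", $label, var_export(safe_lang($input, [], 'en', '[invalid]'), true));
}
```

A wrapper like this narrows what reaches the `Language` class but does not replace the upgrade to v4.4.7.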