codeigniter/framework

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting codeigniter/frameworkpage 1 of 1

CVE-2014-8684CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.0.0
2017-09-19
vulnerable: 3.0rc, 3.0rc2, 3.0rc3
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison …
CVE-2018-12071CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.1.10
2018-06-17
vulnerable: 3.0.0 ... 3.1.9 (22 versions)
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.

Check whether codeigniter/framework is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for codeigniter/framework CVEs against the assets you own.

Start Free Scan →