CVE-2014-8684 codeigniter/framework

Package

Manager: composer
Name: codeigniter/framework
Vulnerable Version: >=0 <3.0.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.44845 (percentile 0.97498)

Details

CodeIgniter and Kohana vulnerable to PHP Object Injection

CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.

Metadata

Created: 2022-05-17T00:47:12Z
Modified: 2023-08-16T23:04:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w9ph-q4h9-rwq6/GHSA-w9ph-q4h9-rwq6.json
CWE IDs: []
Alternative ID: GHSA-w9ph-q4h9-rwq6
Finding: F096
Auto approve: 1