GHSA-27qr-636m-wxg2 codeigniter/framework

Package

Manager: composer
Name: codeigniter/framework
Vulnerable Version: >=0 <3.1.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

EPSS: N/A (percentile: N/A)

Details

codeigniter/framework SQL injection in ODBC database driver

CodeIgniter 3.1.0 addressed a critical security issue in the ODBC database driver. The update includes fixes that mitigate a SQL injection vulnerability, preventing potential exploitation by attackers. Note that these fixes render the query builder and escape() functions incompatible with the ODBC driver. However, the update introduces actual query binding as a more secure alternative.

Metadata

Created: 2024-05-15T18:09:41Z
Modified: 2024-05-15T18:09:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-27qr-636m-wxg2/GHSA-27qr-636m-wxg2.json
CWE IDs: []
Alternative ID: N/A
Finding: F106
Auto approve: 1