Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-dtde-gj8c-a7br
Vulnerability ID VCID-dtde-gj8c-a7br
Aliases CVE-2024-29904
GHSA-39fp-mqmm-gxj6
Summary CodeIgniter is a PHP full-stack web framework A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server. Upgrade to v4.4.7 or later.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-674 Uncontrolled Recursion
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00744 https://api.first.org/data/v1/epss?cve=CVE-2024-29904
epss 0.00744 https://api.first.org/data/v1/epss?cve=CVE-2024-29904
epss 0.00744 https://api.first.org/data/v1/epss?cve=CVE-2024-29904
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-39fp-mqmm-gxj6
cvssv3.1 7.5 https://github.com/codeigniter4/CodeIgniter4
generic_textual HIGH https://github.com/codeigniter4/CodeIgniter4
cvssv3.1 7.5 https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
generic_textual HIGH https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
ssvc Track https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
cvssv3.1 7.5 https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
cvssv3.1_qr HIGH https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
generic_textual HIGH https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
ssvc Track https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-29904
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-29904
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-29904
https://github.com/codeigniter4/CodeIgniter4
CVE-2024-29904 https://nvd.nist.gov/vuln/detail/CVE-2024-29904
fa851acbae7ae4c5a97f8f38ae87aa0822a334c0 https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
GHSA-39fp-mqmm-gxj6 https://github.com/advisories/GHSA-39fp-mqmm-gxj6
GHSA-39fp-mqmm-gxj6 https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/codeigniter4/CodeIgniter4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T20:01:34Z/ Found at https://github.com/codeigniter4/CodeIgniter4/commit/fa851acbae7ae4c5a97f8f38ae87aa0822a334c0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T20:01:34Z/ Found at https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-39fp-mqmm-gxj6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-29904
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.73473
EPSS Score 0.00744
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:38:26.520649+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/29xxx/CVE-2024-29904.json 38.6.0