Infinite loop in CodeIgniter4 - CVE-2024-29904
Published: March 29, 2024 / Updated: May 23, 2026
CodeIgniter4
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to loop with unreachable exit condition in the Language class when processing invalid values passed to the lang() function or Language class. A remote attacker can supply invalid input to consume a large amount of memory on the server and cause a denial of service.