High severityNVD Advisory· Published Oct 31, 2023· Updated Sep 5, 2024
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
CVE-2023-46240
Description
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace ini_set('display_errors', '0') with ini_set('display_errors', 'Off') in app/Config/Boot/production.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
codeigniter4/frameworkPackagist | < 4.4.3 | 4.4.3 |
Affected products
3- osv-coords2 versions
< 4.4.3+ 1 more
- (no CPE)range: < 4.4.3
- (no CPE)range: < 4.4.3
- Range: < 4.4.3
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-hwxf-qxj7-7rfjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-46240ghsaADVISORY
- codeigniter4.github.io/userguide/general/errors.htmlghsax_refsource_MISCWEB
- github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563ghsax_refsource_MISCWEB
- github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfjghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.