FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

codeigniter -- multiple vulnerabilities

Affected packages
codeigniter < 3.1.3


VuXML ID 71ebbc50-01c1-11e7-ae1b-002590263bf5
Discovery 2017-01-09
Entry 2017-03-05

The CodeIgniter changelog reports:

Fixed an XSS vulnerability in Security Library method xss_clean().

Fixed a possible file inclusion vulnerability in Loader Library method vars().

Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros).

Added protection against timing side-channel attacks in Security Library method csrf_verify().

Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().