codeigniter4/shield
Packagist · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting codeigniter4/shield (page 1 of 1)
- CVE-2022-35943 · MEDIUM · CVSS 5.9 · EG 5.9 · ✓ Fixed in 1.0.0-beta.2 · 2022-08-12
vulnerable: 1.0.0-beta, v1.0.0-beta
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/u…
- CVE-2023-27580 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 1.0.0-beta.4 · 2023-03-13
vulnerable: v1.0.0-beta, v1.0.0-beta.2, v1.0.0-beta.3
CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easi…
- CVE-2023-48707 · MEDIUM · CVSS 5.0 · EG 5.0 · ✓ Fixed in 1.0.0-beta.8 · 2023-11-24
vulnerable: v1.0.0-beta ... v1.0.0-beta.7 (7 versions)
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The `secretKey` value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a mali…
- CVE-2023-48708 · MEDIUM · CVSS 5.0 · EG 5.0 · ✓ Fixed in 1.0.0-beta.8 · 2023-11-24
vulnerable: v1.0.0-beta ... v1.0.0-beta.7 (7 versions)
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in …