GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

GHSA-76h9-2vwh-w278: Apache MINA Deserialization RCE Vulnerability

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server

GHSA-9pp6-wq8c-3w2c: Gogs allows argument injection during the previewing of changes

GHSA-ccqv-43vm-4f3w: Gogs allows deletion of internal files

### Impact
A vulnerability was found in the Language class that allowed DoS attacks. This vulnerability can be exploited by an attacker to consume a large amount of memory on the server.

### Patches
Upgrade to v4.4.7 or later. See [upgrading guide](https://codeigniter4.github.io/userguide/installation/upgrade_447.html).

### Workarounds
- Disabling Auto Routing prevents a known attack vector in the framework.
- Do not pass invalid values to the `lang()` function or `Language` class.

### References
- https://codeigniter4.github.io/userguide/outgoing/localization.html#language-localization
- https://codeigniter4.github.io/userguide/general/common_functions.html#lang


**CodeIgniter4 DoS Vulnerability**

High severity GitHub Reviewed Published Mar 29, 2024 in codeigniter4/CodeIgniter4 • Updated Mar 29, 2024

Headline

GHSA-39fp-mqmm-gxj6: CodeIgniter4 DoS Vulnerability

Impact

Patches

Workarounds

References

ghsa: Latest News