{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"critical"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2014-8684","title":"Title"},{"category":"description","text":"CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2014-8684","url":"https://www.suse.com/security/cve/CVE-2014-8684"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1059520 for CVE-2014-8684","url":"https://bugzilla.suse.com/1059520"}],"title":"SUSE CVE CVE-2014-8684","tracking":{"current_release_date":"2025-04-24T03:38:38Z","generator":{"date":"2023-02-15T05:25:28Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2014-8684","initial_release_date":"2023-02-15T05:25:28Z","revision_history":[{"date":"2023-02-15T05:25:28Z","number":"2","summary":"Current version"},{"date":"2025-04-24T03:38:38Z","number":"3","summary":"Current version"}],"status":"interim","version":"3"}}}