I have noticed an issue with the details provided in the advisory GHSA-2pcj-76hj-xqhm regarding the vulnerable package. The advisory currently lists codeigniter4/framework as the affected package, which resolves to the repository for CodeIgniter 4.x versions, as confirmed via Packagist. However, the actual vulnerable version ranges fall under the 3.x series.

To accurately reflect the affected package, the correct name should be either bcit-ci/codeigniter or codeigniter/framework, both of which point to the appropriate GitHub repository: bcit-ci/CodeIgniter.

Additionally, the fix commit addressing this issue is: bcit-ci/CodeIgniter@a960016