CVE-2016-3168: Reflected file download vulnerability

April 12, 2016 (updated April 14, 2016)

The System module in Drupal might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrary JSON-encoded content.

References

www.drupal.org/SA-CORE-2016-001

Detect and mitigate CVE-2016-3168 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →