CVE-2016-9449: Unprivileged access to taxonomy terms

November 25, 2016 (updated January 6, 2017)

Modules wishing to restrict access to taxonomy terms may be incompatible with queries generated both by Drupal core as well as those generated by contributed modules like Entity Reference. As a result, information on taxonomy terms may be disclosed to unprivileged users.

References

www.drupal.org/SA-CORE-2016-005

Detect and mitigate CVE-2016-9449 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →