CVE-2016-9450: Incorrect cache context on password reset page

November 25, 2016 (updated November 29, 2016)

The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.

References

www.drupal.org/SA-CORE-2016-005

Detect and mitigate CVE-2016-9450 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →