CVE-2016-3165: Improper Access Control
The Form API in Drupal ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has #access
set to FALSE
in the server-side form definition.
References
Detect and mitigate CVE-2016-3165 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →