CVE-2016-3169: Saving user accounts can sometimes grant the user all roles
The User module in Drupal allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save
function with an explicit category and loads all roles into the array.
References
Detect and mitigate CVE-2016-3169 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →