CVE-2020-28984: Insufficient Input Validation

November 23, 2020 (updated February 4, 2021)

prive/formulaires/configurer_preferences.php in SPIP does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

References

git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
git.spip.net/spip/spip/compare/v3.2.7...v3.2.8
nvd.nist.gov/vuln/detail/CVE-2020-28984

Detect and mitigate CVE-2020-28984 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →