[3.5] drupal7: Multiple vulnerabilities (CVE-2016-9449, CVE-2016-9450, CVE-2016-9451, CVE-2016-9452)ID: oval:org.secpod.oval:def:1800152 | Date: (C)2018-03-28 (M)2021-09-11 |
Class: PATCH | Family: unix |
CVE-2016-9449: Inconsistent name for term access query CVE-2016-9450: Incorrect cache context on password reset page CVE-2016-9451: Confirmation forms allow external URLs to be injected CVE-2016-9452: Denial of service via transliterate mechanism Affected versions Drupal core 7.x versions prior to 7.52Drupal core 8.x versions prior to 8.2.3 Solution If you use Drupal 7.x, upgrade to Drupal core 7.52If you use Drupal 8.x, upgrade to Drupal core 8.2.3 Reference
Platform: |
Alpine Linux 3.5 |