[3.4] drupal7: Multiple vulnerabilities (CVE-2016-9449, CVE-2016-9450, CVE-2016-9451, CVE-2016-9452)ID: oval:org.secpod.oval:def:1800215 | Date: (C)2018-03-29 (M)2021-09-11 |
Class: PATCH | Family: unix |
CVE-2016-9449: Inconsistent name for term access query CVE-2016-9450: Incorrect cache context on password reset page CVE-2016-9451: Confirmation forms allow external URLs to be injected CVE-2016-9452: Denial of service via transliterate mechanism Affected versions: Drupal core 7.x versions prior to 7.52Drupal core 8.x versions prior to 8.2.3 Solution: If you use Drupal 7.x, upgrade to Drupal core 7.52If you use Drupal 8.x, upgrade to Drupal core 8.2.3 Reference:
Platform: |
Alpine Linux 3.4 |