The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-11-25T18:00:00

Updated: 2024-08-06T02:50:38.330Z

Reserved: 2016-11-18T00:00:00

Link: CVE-2016-9450

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-11-25T18:59:02.090

Modified: 2024-11-21T03:01:14.440

Link: CVE-2016-9450

cve-icon Redhat

No data.