← back
CVE-2016-9646

Commit metadata forgery via CGI::FormBuilder context-dependent APIs

EPSS 1.2%
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Affected products
ikiwiki · ikiwiki

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://ikiwiki.info/security/#cve-2016-9646https://marc.info/?l=oss-security&m=148304341511854&w=2https://security-tracker.debian.org/tracker/CVE-2016-9646https://www.debian.org/security/2017/dsa-3760