← volver
CVE-2016-9646

Commit metadata forgery via CGI::FormBuilder context-dependent APIs

EPSS 1.2%
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Productos afectados
ikiwiki · ikiwiki

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://ikiwiki.info/security/#cve-2016-9646https://marc.info/?l=oss-security&m=148304341511854&w=2https://security-tracker.debian.org/tracker/CVE-2016-9646https://www.debian.org/security/2017/dsa-3760