← voltar
CVE-2016-9646

Commit metadata forgery via CGI::FormBuilder context-dependent APIs

EPSS 1.2%
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Produtos afetados
ikiwiki · ikiwiki

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ikiwiki.info/security/#cve-2016-9646https://marc.info/?l=oss-security&m=148304341511854&w=2https://security-tracker.debian.org/tracker/CVE-2016-9646https://www.debian.org/security/2017/dsa-3760