CVE-2016-9450 (retired)

Priority
Description
The user password reset form in Drupal 8.x before 8.2.3 allows remote
attackers to conduct cache poisoning attacks by leveraging failure to
specify a correct cache context.
Package
Upstream:not-affected (only affects drupal 8)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (only affects drupal 8)
More Information

Updated: 2019-08-23 09:12:09 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)