Cache Poisoning Vulnerability in Drupal 8.x before 8.2.3

Cache Poisoning Vulnerability in Drupal 8.x before 8.2.3

CVE-2016-9450 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

Learn more about our User Device Pen Test.