cvedb.io
CVE-2016-9450
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2016-11-25T18:59:02.090 · Last modified 2026-06-17T00:56:05.640

Summary

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

Affected products

drupal — drupal


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.