CVE-2016-9646

Published: Apr 13, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

Vendor	Product	Versions
ikiwiki	ikiwiki	affected `before 3.20161229`

References

DSA-3760

vendor-advisory

x_refsource_DEBIAN

https://security-tracker.debian.org/tracker/CVE-2016-9646

x_refsource_CONFIRM

https://ikiwiki.info/security/#cve-2016-9646

x_refsource_CONFIRM

[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-9646

Description

Affected Products

References