First published: Thu Dec 29 2016(Updated: )
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ikiwiki Ikiwiki | <3.20161229 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
debian/ikiwiki | 3.20200202.3-1 3.20200202.4-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.