CVE-2016-9450 log

Source
Severity Low
Remote Yes
Type Content spoofing
Description
The user password reset form does not specify a proper cache context, which can lead to cache poisoning and unwanted content on the page.
Group Package Affected Fixed Severity Status Ticket
AVG-74 drupal 8.2.2-1 8.2.3-1 Medium Fixed
Date Advisory Group Package Severity Type
19 Nov 2016 ASA-201611-20 AVG-74 drupal Medium multiple issues
References
https://www.drupal.org/SA-CORE-2016-005