- The borg theme versions prior to 1.x-1.1.19
The borg theme does not sufficiently sanitize path arguments that are passed in via URL.
A CVE has been requested, and this page will be updated as soon as an official number has been issued.
Upgrade your site to the most recent version of the borg theme. Download available on the Borg 1.1.19 release page.
- Laryn Kragt Bakker of the Backdrop CMS Security Team
- Jen Lampton of the Backdrop CMS Security Team