Описание
Drupal core access bypass vulnerability
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
Пакеты
Наименование
drupal/core
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.9.19
8.9.19
Наименование
drupal/core
composer
Затронутые версииВерсия исправления
>= 9.1.0, < 9.1.13
9.1.13
Наименование
drupal/core
composer
Затронутые версииВерсия исправления
>= 9.2.0, < 9.2.6
9.2.6
Связанные уязвимости
CVSS3: 7.5
nvd
больше 3 лет назад
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.