CVE-2020-13677

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
References
Link Resource
https://www.drupal.org/sa-core-2021-010 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Information

Published : 2022-02-11 04:15

Updated : 2022-07-08 06:19


NVD link : CVE-2020-13677

Mitre link : CVE-2020-13677

Products Affected
No products.