Vulnerability in Drupal Core
CVE-2020-13675
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass th…
EPSS: 0.008 (74.4th percentile) — read the EPSS interpretation.
Affected products
- Drupal Core — versions 9.2.x, 9.1.x, 8.9.x
Weakness classification (CWE)
References
- www.drupal.org/sa-core-2021-008 (x_refsource_CONFIRM)