Vulnerability in Drupal Core
CVE-2020-13677
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
EPSS: 0.002 (41.8th percentile) — read the EPSS interpretation.
Affected products
- Drupal Core — versions 9.2.x, 9.1.x, 8.9.x
Weakness classification (CWE)
References
- www.drupal.org/sa-core-2021-010 (x_refsource_CONFIRM)