Vulnerability in Drupal Core
CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following…
EPSS: 0.004 (58.6th percentile) — read the EPSS interpretation.
Affected products
- Drupal Core — versions 7.0, 10.0, 9.5