CVE-2017-6919
Description
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
CWE
- (none)
Affected
- n/a / Drupal — v=Drupal [affected]
CVSS
- (none)
References
- http://www.securityfocus.com/bid/97941 vdb-entry, x_refsource_BID
- https://www.drupal.org/SA-CORE-2017-002 x_refsource_CONFIRM
- http://www.securitytracker.com/id/1038371 vdb-entry, x_refsource_SECTRACK
Source
cvelistV5-main/cves/2017/6xxx/CVE-2017-6919.json