CVE-2017-6919

Summary

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Affected Software

VendorProductVersion RangeStatus
n/aDrupalDrupalaffected

Weaknesses

  • access bypass

ADP Enrichment

CVE Program Container

Additional References

References