CVE-2020-13675

Summary

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

Affected Software

VendorProductVersion RangeStatus
DrupalCore9.2.x < 9.2.6affected
DrupalCore9.1.x < 9.1.13affected
DrupalCore8.9.x < 8.9.19affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References