CVE-2020-13677

Summary

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.

Affected Software

VendorProductVersion RangeStatus
DrupalCore9.2.x < 9.2.6affected
DrupalCore9.1.x < 9.1.13affected
DrupalCore8.9.x < 8.9.19affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References