EPSS
Percentile
39.4%
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
github.com/drupal/core
github.com/drupal/core/commit/8e8e3d2ddd72471ba886346ecabfb5d98fd27d9b
nvd.nist.gov/vuln/detail/CVE-2020-13676
www.drupal.org/sa-core-2021-009