UBUNTU-CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...
PT-2023-31979 · Drupal · Drupal Json:Api Module
Name of the Vulnerable Software and Affected Versions: Drupal JSON:API module (affected versions not specified). Description: In certain scenarios, Drupal's JSON:API module will output error backtraces, potentially causing sensitive information to be cached and made available to anonymous users,...
DRUPAL-CONTRIB-2023-037
This module enables you to build administrative pages for managing configuration objects, which may then be used elsewhere in the site. The module doesn't sufficiently validate access when the JSONAPI module is also installed. This vulnerability is mitigated by the fact that it only affects sites...
Drupal Code Issue Vulnerability
Drupal is an open source content management system developed by the Drupal community using the PHP language. A code issue exists in Drupal that is caused by improper access restrictions in the program's "JSON:API" module and "REST/File" module. A remote user could bypass the implemented security...
PT-2020-6400 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.8; Drupal Core versions prior to 8.9.1; Drupal Core versions prior to 9.0.1. Description: The issue is related to improper authorization in the Drupal Core JSON:API module when the read only setting is set to...
JSON:API - Critical - Unsupported - SA-CONTRIB-2020-010
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The security team and module maintainers are marking this project unsupported. Both the 8.x-1.x and 8.x-2.x versions are unsupported, and users of either version are...