3 matches found
CVE-2013-4225
The RESTful Web Services restws module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions or equivalen...
CVE-2013-4225
The RESTful Web Services (RESTWS) module for Drupal is vulnerable in versions 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 due to insufficient restriction of access to entity write operations. This allows remote authenticated users with permissions such as "access resource node" and "create ...
SA-CONTRIB-2013-062 - RESTful Web Services (RESTWS) - Access Bypass
This module enables you to expose Drupal entities as RESTful web services. It provides a machine-readable interface to exchange resources in JSON, XML and RDF. The module doesn't sufficiently check for field level access when preforming entity write operations on POST and PUT requests. It also do...