2 matches found
CVE-2020-13677
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected...
CVE-2020-13677
CVE-2020-13677 affects Drupal core where the JSON:API module may fail to properly restrict access, enabling unintended access bypass for content when JSON:API is enabled. The issue is specific to Drupal core’s JSON:API handling; sites without the JSON:API module are not affected. The connected re...