CVE-2017-6925

Drupal 8 core before 8.3.7 contains an entity access system vulnerability (CVE-2017-6925) that could allow a remote attacker to view, create, update, or delete entities for which UUIDs are missing or where revision-based access differs. Affected versions are Drupal 8 core prior to 8.3.7; the issu...

Drupal 8.x < 8.3.7 Multiple Vulnerabilities (SA-CORE-2017-004)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.3.7. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the views subsystem due to a failure to restrict access to the Ajax endpoint to only views configured ...