CVE-2014-1398
CVE-2014-1398 affects Drupal: the Entity API module (7.x-1.x) before 7.x-1.3 may let remote authenticated users bypass access restrictions on comment, user and node statistics properties via unspecified vectors. Connected documents confirm fixes in 7.x-1.3 (e.g., Fedora updates for drupal7-entity...