BIT-DRUPAL-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

Cache poisoning in drupal/core

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

CVE-2023-5256

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

UBUNTU-CVE-2023-5256

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

Privilege escalation

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

CVE-2023-5256

Summary: CVE-2023-5256 affects Drupal sites with the JSON:API module enabled. In certain scenarios, the module outputs error backtraces that may cause sensitive information to be cached and accessible to anonymous users, enabling privilege escalation. Affected scope: Drupal installations with JSO...

Drupal 10.1.x < 10.1.4 Cache Poisoning

According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.x prior to 9.5.11, 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.4. In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause...

DRUPAL-CORE-2023-006

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...