Services - Less critical - Access bypass - SA-CONTRIB-2019-043
This module provides a standardized solution for building API's so that external clients can communicate with Drupal. The Services module has an access bypass vulnerability in its "attachfile" resource that allows users who have access to create or update nodes that include file fields to...