Entity Api@7.x-1.1 Security Vulnerabilities and Issues — Entity Api@7.x-1.1 CVE List

Lucene search

Entity Api ProjectEntity Api7.x-1.1

4 matches found

CVE•added 2018/04/10 3:29 p.m.•44 views

CVE-2014-1398

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.

6.5CVSS5.9AI score0.00384EPSS

CVE•added 2018/04/10 3:29 p.m.•44 views

CVE-2014-1399

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.

6.5CVSS5.9AI score0.00308EPSS

CVE•added 2018/04/10 3:29 p.m.•44 views

CVE-2014-1400

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.

6.5CVSS5.9AI score0.00384EPSS

CVE•added 2014/07/19 6:55 p.m.•32 views

CVE-2013-4273

The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was ass...

4CVSS6.2AI score0.00283EPSS