Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Drupal Access Bypass Vulnerability - CVE-2020-13665 - Vulnerability Database
Drupal

Drupal Access Bypass Vulnerability - CVE-2020-13665

Critical
Reference: CVE-2020-13665
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-13665
Title: Drupal Access Bypass Vulnerability
Overview:

Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8 8.9.x versions prior to 8.9.1 9.0.x versions prior to 9.0.1.