CVE-2017-6919

Published: 2017-04-20T02:59Z

Last Modified: 2024-11-21T03:30Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt