vulnerability
Drupal: CVE-2020-13675: Drupal core - Moderately critical - Access bypass - SA-CORE-2021-008
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 11, 2022 | Mar 23, 2022 | Mar 23, 2022 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 11, 2022
Added
Mar 23, 2022
Modified
Mar 23, 2022
Description
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.
Solution(s)
drupal-upgrade-8_9_1drupal-upgrade-9_1_1drupal-upgrade-9_2_6

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.