Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Max CVSS
7.5
EPSS Score
0.28%
Published
2017-04-20
Updated
2019-10-03
1 vulnerabilities found