CVE-2017-6919

CVE-2017-6919

EPSS 1.6%

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.drupal.org/SA-CORE-2017-002 http://www.securityfocus.com/bid/97941 http://www.securitytracker.com/id/1038371