Back to search
CVE-2020-13675
Published: Feb 11, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.
| Vendor | Product | Versions |
|---|---|---|
Drupal | Core | affected 9.2.x - < 9.2.6affected 9.1.x - < 9.1.13affected 8.9.x - < 8.9.19 |
Weaknesses (CWE)
References
https://www.drupal.org/sa-core-2021-008
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now