| CVE-2020-13677 |
High |
Yes |
Access restriction bypass |
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access... |
| CVE-2020-13676 |
High |
Yes |
Information disclosure |
The Drupal QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites... |
| CVE-2020-13675 |
High |
Yes |
Access restriction bypass |
Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an... |
| CVE-2020-13674 |
High |
Yes |
Cross-site request forgery |
The Drupal QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to... |
| CVE-2020-13673 |
High |
Yes |
Cross-site scripting |
The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an... |