AVG-2407

Package: drupal
Status: Fixed
Severity: High
Type: multiple issues
Affected: 9.2.0-1
Fixed: 9.2.6-1
Current: 9.2.6-1 [community]
Ticket: None
Created: Tue Sep 21 11:34:35 2021
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2020-13677 | High | Yes | Access restriction bypass | Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access... |
| CVE-2020-13676 | High | Yes | Information disclosure | The Drupal QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites... |
| CVE-2020-13675 | High | Yes | Access restriction bypass | Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an... |
| CVE-2020-13674 | High | Yes | Cross-site request forgery | The Drupal QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to... |
| CVE-2020-13673 | High | Yes | Cross-site scripting | The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an... |