CVE-2020-13677 log

Severity High
Remote Yes
Type Access restriction bypass
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass.

Sites that do not have the JSON:API module enabled are not affected.
Group Package Affected Fixed Severity Status Ticket
AVG-2407 drupal 9.2.0-1 9.2.6-1 High Fixed