Maxim Podorov

**Name of the Vulnerable Software and Affected Versions** Drupal 8.x versions prior to 8.3.7 **Description** The views subsystem in Drupal did not restrict access to the Ajax endpoint for updating displayed data via filter parameters when creating a view. This issue can be mitigated if access restrictions are in place on the view. It is recommended to include access restrictions on all views as a best practice. **Recommendations** For Drupal 8.x versions prior to 8.3.7, update to version 8.3.7 or later to resolve the issue. As a temporary workaround, consider including access restrictions on all views to minimize the risk of exploitation.