CVE-2014-1398

Name of the Vulnerable Software and Affected Versions Entity API module versions 7.x-1.x before 7.x-1.3

Description The issue concerns the entity wrapper access API in the Entity API module for Drupal, which might allow remote authenticated users to bypass intended access restrictions on certain properties, including comment, user, and node statistics, via unspecified vectors.

Recommendations For Entity API module versions 7.x-1.x before 7.x-1.3, update to version 7.x-1.3 or later to resolve the issue.