Ben Dougherty

Researcher from Drupal Security Team
#15709 of 53,632
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1

PT-2020-8024 · CVSS 9.8 · 2020-12-31
Drupal · Rest/Json · CVE-2016-20005
Name of the Vulnerable Software and Affected Versions: REST/JSON project versions 7.x-1.x for Drupal
Description: The issue allows user registration bypass. This project is not covered by Drupal's security advisory policy.
Recommendations: For versions 7.x-1.x, consider disabling user registration functionality until a patch is available. Restrict access to the REST/JSON project to minimize the risk of exploitation. Avoid using the REST/JSON project for user registration until the issue is resolved.

PT-2020-8026 · CVSS 7.5 · 2020-12-31
Drupal · Rest/Json · CVE-2016-20007
Name of the Vulnerable Software and Affected Versions: REST/JSON project for Drupal version 7.x-1.x
Description: The issue allows session name guessing. This project is not covered by Drupal's security advisory policy.
Recommendations: For version 7.x-1.x, update to a version that includes a fix for this issue, as the current version allows session name guessing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.