Drupal · Drupal · CVE-2017-6923
**Name of the Vulnerable Software and Affected Versions**
Drupal 8.x versions prior to 8.3.7
**Description**
When creating a view, the displayed data can be updated through an Ajax endpoint via filter parameters. The views subsystem in Drupal did not restrict access to this endpoint. The issue is mitigated if access restrictions are in place on the view. As a best practice, include access restrictions on all views.
**Recommendations**
For Drupal 8.x versions prior to 8.3.7, update to version 8.3.7 or later to resolve the issue. As a temporary workaround, consider including access restrictions on all views to minimize the risk of exploitation.
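To apply the workaround systematically, the following added example (not code from Drupal or from this advisory) reports every view display whose effective access setting is unrestricted. It assumes each view has already been parsed into a dict that mirrors an exported `views.view.<id>.yml` config file; the function names and the sample data are constructed for illustration.

```python
# Assumption: each dict mirrors one exported views.view.<id>.yml file, for
# example the result of parsing a file from the site's config sync directory.

def effective_access(view, display_id):
    """Return the access plugin type that applies to one display."""
    displays = view.get("display") or {}
    opts = (displays.get(display_id) or {}).get("display_options") or {}
    # Assumption: a non-default display uses its own "access" setting only
    # when display_options.defaults.access is false; otherwise it inherits
    # the setting of the "default" display.
    inherits = (opts.get("defaults") or {}).get("access", True)
    if display_id != "default" and inherits:
        opts = (displays.get("default") or {}).get("display_options") or {}
    # A missing access block is treated as unrestricted ("none").
    return (opts.get("access") or {}).get("type", "none")


def unrestricted_displays(views):
    """List (view id, display id) pairs whose effective access is "none"."""
    findings = []
    for view in views:
        for display_id in sorted(view.get("display") or {}):
            if effective_access(view, display_id) == "none":
                findings.append((view.get("id"), display_id))
    return findings


# Constructed sample configs, not taken from a real site.
SAMPLE_VIEWS = [
    {"id": "staff_directory", "display": {
        "default": {"display_options": {"access": {"type": "none"}}},
        "page_1": {"display_options": {"path": "staff"}},
    }},
    {"id": "articles", "display": {
        "default": {"display_options": {
            "access": {"type": "perm", "options": {"perm": "access content"}}}},
        "page_1": {"display_options": {"path": "articles"}},
        "block_1": {"display_options": {
            "defaults": {"access": False}, "access": {"type": "none"}}},
    }},
]

if __name__ == "__main__":
    for view_id, display_id in unrestricted_displays(SAMPLE_VIEWS):
        print(f"{view_id}:{display_id} has no access restriction")
```

Each reported display should be given a permission- or role-based access setting, including displays that are only rendered through another module.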