CVE-2020-13675

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Drupal (affected versions not specified)

Description The issue concerns the JSON:API and REST/File modules in Drupal, which allow file uploads through their HTTP APIs. However, these modules do not correctly run all file validation, leading to an access bypass issue. An attacker could potentially upload files that bypass the validation process implemented by other modules on the site.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-284

Related Identifiers

BIT-DRUPAL-2020-13675

CVE-2020-13675

DRUPAL-CONTRIB-2021-029

DRUPAL-CORE-2021-008

GHSA-V8WR-R69P-MMWX

Affected Products

Drupal

CVE-2020-13675

Weakness Enumeration

Related Identifiers

Affected Products

References · 10