GoranStimac.com
How Can I Help
Stay Informed
Let's Connect

©2018 - 2021 Goran Štimac. All rights reserved.
v1.29_b2021-10-12

Drupal Core Moderately Critical Access Bypass SA-Core-2021-010

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass.

Sites that do not have the JSON:API module enabled are not affected.

Solution

Install the latest version:

Versions of Drupal 8 prior to 8.9.x and versions of Drupal 9 prior to 9.1.x are end-of-life and do not receive security coverage.

Drupal 7 core does not include the JSON:API module and therefore is not affected.

Share:

comments powered by Disqus

Let’s Talk About Your Needs

Book a Call