By Eduard Kovacs on August 17, 2017 A Drupal 8 security update released on Wednesday addresses several access bypass vulnerabilities affecting components such as views, the REST API and the entity access system.
The most severe of the flaws patched by Drupal 8.3.7 is CVE-2017-6925, a critical issue affecting the entity access system. The weakness can be exploited to view, create, delete or update entities. According to Drupal developers, only entities that don’t have UUIDs and ones that have different access restrictions on different revisions of the same entity are impacted.
Full Article.
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.