CVE
CVE-2024-13254
The Rest views module lets site admins create rest exports in views with additional options for serializing data.This module does not accurately check access and may expose paths to unpublished cont...
The Rest views module lets site admins create rest exports in views with additional options for serializing data.
This module does not accurately check access and may expose paths to unpublished content.
This vulnerability is mitigated by the fact that there must be a specific content structure to expose.
Paths to unpublished entities (such as nodes) will be exposed if those entities are referenced from other entities listed in a REST display, and the reference field on those listed entities is displayed with the "Entity path" formatter.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
C
H
U
0
-
C
H
U
-
Related Resources
No items found.
References
https://www.drupal.org/sa-contrib-2024-018
Basic Information
Ecosystem
