cvedb.io
CVE-2017-6919
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-04-20T02:59:00.143 · Last modified 2026-06-17T01:23:19.997

Summary

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

Affected products

drupal — drupal

Does this affect you?

Add your gear to cvedb and we'll alert you only when drupal ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.