VYPR
Critical severityNVD Advisory· Published Feb 11, 2022· Updated Aug 4, 2024

CVE-2020-13675

CVE-2020-13675

Description

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
drupal/corePackagist
>= 8.0.0, < 8.9.198.9.19
drupal/corePackagist
>= 9.1.0, < 9.1.139.1.13
drupal/corePackagist
>= 9.2.0, < 9.2.69.2.6

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.