CVE-2017-6919 The advisory has been revoked - it doesn't affect any version of package drupal7  (opens in a new tab)


Threat Intelligence

EPSS
0.27% (68th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1604-DRUPAL7-615833
  • published10 Sept 2020
  • disclosed20 Apr 2017

Introduced: 20 Apr 2017

CVE-2017-6919  (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:16.04.

NVD Description

Note: Versions mentioned in the description apply only to the upstream drupal7 package and not the drupal7 package as distributed by Ubuntu.

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.