What the vulnerability does

01Description

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.

Key dates

02Disclosure timeline

February 11, 2022 CVE published
August 4, 2024 Record updated