CVE-2024-13255

CVE-2024-13255: RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019

Vendor Drupal
Product RESTful Web Services
Weakness CWE-202
Published January 9, 2025
Last update January 10, 2025

CVSS base score

What the vulnerability does

01Description

Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 10, 2025 Record updated