You are here
Home > Preporuke > Nadogradnja za Drupal

Nadogradnja za Drupal

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: W, L, U, M
  • Kategorije: VIS, LSU, FBS, APL, LRH, W08, LDE, LFE, LGE, LUB

View online:

Project: Drupal core [1]
Date: 2020-June-17
Security risk: *Less critical* 8∕25
AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:Uncommon [2]
Vulnerability: Access bypass

CVE IDs: CVE-2020-13665
JSON:API PATCH requests may bypass validation for certain fields.

By default, JSON:API works in a read-only mode which makes it impossible to
exploit the vulnerability. Only sites that have the read_only set to FALSE
under jsonapi.settings config are vulnerable.

Install the latest version:

* If you are using Drupal 8.8.x, upgrade to Drupal 8.8.8 [3].
* If you are using Drupal 8.9.x, upgrade to Drupal 8.9.1 [4].
* If you are using Drupal 9.0.x, upgrade to Drupal 9.0.1 [5].

Versions of Drupal 8 prior to 8.8.x are end-of-life and do not receive
security coverage. Sites on 8.7.x or earlier should update to 8.8.8.

Reported By: 
* Sergii Bondarenko [6]

Fixed By: 
* Sergii Bondarenko [7]
* Wim Leers [8]
* Jess [9] of the Drupal Security Team
* Lee Rowlands [10] of the Drupal Security Team


Security-news mailing list
Unsubscribe at

AutorGoran Culibrk
Cert idNCERT-REF-2020-06-0001-ADV
More in Preporuke
Kritične ranjivosti Treck IP Stack koje utječu na Cisco proizvode

Otkrivene su ranjivosti u biblioteci Treck IP stack koji utječu na Cisco proizvode, ranjivosti su grupno imenovane Ripple20. Ovisno o...