CVE-2020-13665: Incorrect Authorization

May 5, 2021 (updated May 14, 2021)

Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.

References

nvd.nist.gov/vuln/detail/CVE-2020-13665
www.drupal.org/sa-core-2020-006

Detect and mitigate CVE-2020-13665 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →