CVE-2017-6919: Access Bypass

April 20, 2017 (updated October 3, 2019)

Drupal allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

References

www.securityfocus.com/bid/97941
groups.drupal.org/node/516645
nvd.nist.gov/vuln/detail/CVE-2017-6919
www.drupal.org/SA-CORE-2017-002

Code Behaviors & Features

Detect and mitigate CVE-2017-6919 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →