CVE-2017-6919

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-6919

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6919.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-6919

Aliases

GHSA-6hpj-9xj7-2jxx

Published

2017-04-20T02:59:00.143Z

Modified

2025-11-14T05:20:01.084059Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

079a52b45df32b8aa82d1eb0c57bd97d1e065f57

Last affected

09dbe27efa2b6f255b804168711166bd3f8b6d4e

Last affected

0cc47a34bd0d95b1deff02715239c073dcb24693

Last affected

121cf4e23ae2f475f785939ab504ed2a1d52dfd0

Last affected

13692d3b92b2d4ddd93b0ddf0a4c4d97b37e68a8

Last affected

15ddad3bf498b0e8bdfe7724e1dbaf653c2d7885

Last affected

19b32a3ab40e8c89495ee260e46a5e8375ad3756

Last affected

1db8df63020cb020ed13a9793669f6e435f64334

Last affected

226cc0b21da1b49c654e3773da2ccd2341aca5d6

Last affected

260d019e286d36f7d2b4fb5b3d62723a9ee81840

Last affected

2b08ba7c1c7afb76c1e3d54e533ab631c5a0ba67

Last affected

2d64433829033660b87a1a1d054b3899a18addba

Last affected

30115b418e854f4df5b94a1667d3ade55cfb9471

Last affected

305b2f38da238705a10e543994808ce29dbdbbc0

Last affected

32801642fc1bc9f4a9942ce90e9b3669e74d16b3

Last affected

35c2f3ca5c935f3d8bde15932a712677c9bbd50f

Last affected

3f7404935955cd2a63023e77a07c4231ad5ff62a

Last affected

407b39f9602321dd0e979006c929339ec34f0d6c

Last affected

40bc6813016bc7de89986998a75fa13d76ce3152

Last affected

48786c6ee658f4ef4275962331d406ab186dd6f0

Last affected

4f05b98429b58c93fec1a8222956851f03a6c4ac

Last affected

5249c53ef0c3a715bc46bb568c91470ed0374996

Last affected

5899fe1f5b0f9c1f9feaa893f5ead14955d6231c

Last affected

598ccc572506256a13c6b3eb978b348f0dee3c6b

Last affected

5a19562de5b1a8a056bc33c467d806073c4ac085

Last affected

5bf651dabf88766a588adf3c34a7ee2fa1ab4016

Last affected

5e60a2770329300866319aac1ab465159688d319

Last affected

6204be67bb3c1a0b64991770c27b62dbadb15007

Last affected

647bfab79e6ee1fddb339c50152315e479d4fe8f

Last affected

64de978a08663904ba8231f20d2f26c8f5a135e8

Last affected

6a9957ac031cc5576d4a043ef77c8cc31d2f597e

Last affected

6d42807a7fb20809a37898453d7b8bad0c9fdc29

Last affected

6ffaabfece5d21e41c1ae53c8e3a8f6ffa94582a

Last affected

70378b5c5dd7c99f56f7e3f36cffcd33d46644c6

Last affected

711288453bb031c0ad5324f5361339d51a8dd511

Last affected

766daeb0449588db7207606c22bcf7b59d1f6f9b

Last affected

7b4d06507ae7134b0906ec49480b09517f55fc82

Last affected

8bd13242c06ad307c72500b17c38cf325de424a0

Last affected

9b0cfa7415e91b80fb5a87760477b6f5783eb048

Last affected

9b7ead2e45935bc1dadfe74490b8cbefa54f433a

Last affected

a5faa6332c371d90777269ceb3bccda7c4bd0ac3

Last affected

a87557fde744444c0f7f5344d4f82b721a65717e

Last affected

b101f904648a70822b87427007b6228c3824e0ae

Last affected

b459401734b37f28b3efd5e8cbb0a885fca7fc55

Last affected

b58c96d3ff481b2a41b3937107896cc0587bd71e

Last affected

b7390caeeec23886c4b8d91f8952c35c034cd41f

Last affected

c0d600fe2ce507f28e91acc51d7f63be28521536

Last affected

c24c1c7694c3970213e758a7198bc4e4a9c485f8

Last affected

c3f5245f1c98a8a1cf119c977db05488e0a32074

Last affected

ce4cc6593bb01ab2b7817ae54beed9632f6e850e

Last affected

d53f5234293d7d1a3bc8083ad13d7c850c834583

Last affected

d918ae1ecc4e0fb86ae9296da1a39f02bd36cde4

Last affected

e15ebedc4c6afdab87c1ffd7cb1f5ca462aafe87

Last affected

e2fc6ffedf85722e2210edee645fa00d12771c3b

Last affected

f1def1199d3e73144d8931b30ebef7d2d82526cb

Last affected

f25feddd5ca56e6155e26e52667ab4fef87bb19d

Last affected

f7e125ce37fbf52b9581c2f9fade7ff33267bb42

Last affected

fb83de52e58e8fb3303de7aa9834f99ae128564a

Last affected

fc345ab700c4d00eb5d1f5000700bc534feb49c6

Affected versions

1.*

1.0

2.*

2.0

3.*

3.0.1

5.*

5.0-beta-1

5.0-beta-2

5.0-rc-1

5.0-rc-2

6.*

6.0-beta-1

6.0-beta-2

6.0-beta-3

6.0-beta-4

6.0-rc-1

6.0-rc-2

6.0-rc-3

7.*

7.0

7.0-alpha1

7.0-alpha2

7.0-alpha3

7.0-alpha4

7.0-alpha5

7.0-alpha6

7.0-alpha7

7.0-beta1

7.0-beta2

7.0-beta3

7.0-rc-1

7.0-rc-2

7.0-rc-3

7.0-rc-4

7.0-unstable-1

7.0-unstable-10

7.0-unstable-2

7.0-unstable-3

7.0-unstable-4

7.0-unstable-5

7.0-unstable-6

7.0-unstable-7

8.*

8.0-alpha10

8.0-alpha11

8.0-alpha12

8.0-alpha13

8.0-alpha2

8.0-alpha3

8.0-alpha4

8.0-alpha5

8.0-alpha6

8.0-alpha7

8.0-alpha8

8.0-alpha9

8.0.0-alpha14

8.0.0-alpha15

8.0.0-beta1

8.0.0-beta2

8.0.0-beta3

8.0.0-beta4

8.0.0-beta5

8.0.0-beta6

8.0.0-beta7

8.0.0-beta9

Other

start

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6919.json"