CVE-2024-13254 | THREATINT

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.

PUBLISHED Reserved 2025-01-09 | Published 2025-01-09 | Updated 2025-01-10 | Assigner drupal

Problem types

CWE-201 Insertion of Sensitive Information Into Sent Data

Product status

Default status

unaffected

0.0.0 (semver) before 3.0.1

affected

Credits

nicxvan finder

nicxvan remediation developer

Benji Fisher coordinator

Greg Knaddison coordinator

Cathy Theys coordinator

References

www.drupal.org/sa-contrib-2024-018

cve.org (CVE-2024-13254)

nvd.nist.gov (CVE-2024-13254)

Download JSON