Search for packages
| purl | pkg:composer/drupal/core@8.3.0-alpha0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4uee-2dmr-akbh
Aliases: CVE-2017-6919 GHSA-6hpj-9xj7-2jxx |
Drupal access control bypass vulnerability Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests. |
Affected by 60 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-31T09:21:50.378159+00:00 | GitLab Importer | Affected by | VCID-4uee-2dmr-akbh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/drupal/core/CVE-2017-6919.yml | 37.0.0 |