Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
|
System information
|
| |
|
|
Affected software |
Drupal |
Description
|
Project: Drupal coreDate: 2023-September-20Security risk: Critical 16∕25 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:DefaultVulnerability: Cache poisoningAffected versions: >=8.7.0 =10.0 = 10.1 Description: In certain scenarios, Drupals JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.This vulnerability only affects sites with the
More info:
https://www.drupal.org/sa-core-2023-006 |
Standar resources
|
|
Property |
Value |
|
CVE |
|
