Sensitive Data Exposure in Drupal REST Views by Drupal
CVE-2024-13254

Currently unrated

Key Information:

Vendor: Drupal
Status: Rest Views
Vendor: CVE Published:; 9 January 2025

What is CVE-2024-13254?

The vulnerability in Drupal's REST Views component allows attackers to exploit forceful browsing methods, potentially leading to the exposure of sensitive information transmitted within API responses. This particularly affects REST Views versions prior to 3.0.1, making it essential for users to update to the latest version to mitigate risks associated with unauthorized information access.

References

https://www.drupal.org/sa-contrib-2024-018

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025