CVE-2023-5256

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-5256
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5256.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5256
Aliases
Published
2023-09-28T19:15:10Z
Modified
2024-05-29T20:51:59Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.

This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API.

The core REST and contributed GraphQL modules are not affected.

References

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type
GIT
Repo
https://github.com/drupal/drupal
Events