Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/13xxx/CVE-2024-13276.json",
"cna_assigner": "drupal",
"cwe_ids": [
"CWE-201"
]
}{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "7.x-*"
},
{
"fixed": "7.x-2.39"
}
]
}