Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
{ "nvd_published_at": "2022-02-11T16:15:00Z", "cwe_ids": [ "CWE-284", "CWE-863" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-10-04T14:45:42Z" }