Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-13665

Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-13665
  • Drupal » Drupal » Version: 8.8.0
    cpe:2.3:a:drupal:drupal:8.8.0
  • Drupal » Drupal » Version: 8.8.1
    cpe:2.3:a:drupal:drupal:8.8.1
  • Drupal » Drupal » Version: 8.8.2
    cpe:2.3:a:drupal:drupal:8.8.2
  • Drupal » Drupal » Version: 8.8.3
    cpe:2.3:a:drupal:drupal:8.8.3
  • Drupal » Drupal » Version: 8.8.4
    cpe:2.3:a:drupal:drupal:8.8.4
  • Drupal » Drupal » Version: 8.8.5
    cpe:2.3:a:drupal:drupal:8.8.5
  • Drupal » Drupal » Version: 8.8.6
    cpe:2.3:a:drupal:drupal:8.8.6
  • Drupal » Drupal » Version: 8.8.7
    cpe:2.3:a:drupal:drupal:8.8.7
  • Drupal » Drupal » Version: 8.9.0
    cpe:2.3:a:drupal:drupal:8.9.0
  • Drupal » Drupal » Version: 9.0.0
    cpe:2.3:a:drupal:drupal:9.0.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved