CVE-2024-13254

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.

The Rest views module lets site admins create rest exports in views with additional options for serializing data. This module does not accurately check access and may expose paths to unpublished content. This vulnerability is mitigated by the fact that there must be a specific content structure to expose. Paths to unpublished entities (such as nodes) will be exposed if those entities are referenced from other entities listed in a REST display, and the reference field on those listed entities is displayed with the "Entity path" formatter.

La vulnerabilidad de inserción de información confidencial en Drupal REST Views permite una navegación forzada. Este problema afecta a REST Views: desde la versión 0.0.0 hasta la 3.0.1.