[GOVCMSD7-360] Update Services module to 7.x-3.27 #971

suhyeonh · 2020-06-22T01:22:48Z

Security Advisory - https://www.drupal.org/sa-contrib-2020-022
View online: https://www.drupal.org/sa-contrib-2020-022

Project: Services [1]
Version: 7.x-3.x-dev
Date: 2020-June-03
Security risk: Moderately critical 11∕25
AC:Basic/A:User/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Access bypass

Description:
This module provides a standardized solution for building API's so that
external clients can communicate with Drupal.

The module's taxonomy term index resource doesn't take into consideration
certain access control tags provided (but unused) by core, that certain
contrib modules depend on.

This vulnerability is mitigated by the fact your site must have the taxonomy
term index resource enabled, your site must have a contributed module enabled
which utilizes taxonomy term access control, and an attacker must know your
api endpoint's path.

Solution:
Install the latest version:

Suhyeon Hong added 2 commits June 22, 2020 11:21

[GOVCMSD7-360] Update Services module to 7.x-3.26

936d9c5

update to 7.x-3.27

d9a4404

suhyeonh changed the title ~~[GOVCMSD7-360] Update Services module to 7.x-3.26~~ [GOVCMSD7-360] Update Services module to 7.x-3.27 Jun 22, 2020

Merge branch '7.x-3.x' into GOVCMSD7-360

6b5a3ad

ruwanl approved these changes Jun 22, 2020

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GOVCMSD7-360] Update Services module to 7.x-3.27 #971

[GOVCMSD7-360] Update Services module to 7.x-3.27 #971

suhyeonh commented Jun 22, 2020

[GOVCMSD7-360] Update Services module to 7.x-3.27 #971

Are you sure you want to change the base?

[GOVCMSD7-360] Update Services module to 7.x-3.27 #971

Conversation

suhyeonh commented Jun 22, 2020