Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-13665

Good to know:

icon
icon

Date: December 12, 2025

Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1.

Severity Score

Related Resources (3)

https://www.drupal.org/sa-core-2020-006
https://nvd.nist.gov/vuln/detail/CVE-2020-13665
https://www.mend.io/vulnerability-database/CVE-2020-13665

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Incorrect Authorization

CWE-863

Top Fix

icon

Upgrade Version

Upgrade to version drupal/core - 8.8.8;drupal/core - 9.0.110;drupal/core - 8.9.1

Learn More

Do you need more information?

Contact Us