Critical Security Alert: Update Required for Drupal's RESTful Web Services Module
A critical security vulnerability has been identified in the RESTful Web Services module for Drupal, prompting an urgent update advisory. The module, which transforms Drupal resources into RESTful web services, was found to have insufficient access restrictions for user resources, classified as an access bypass issue. The security flaw, reported by Fran Garcia-Linares and fixed by Neil Drumm of the Drupal Security Team, affects all users of Drupal 7.x-2.x branch. Users are advised to immediately upgrade to RESTful Web Services 7.x-2.10 to mitigate the risk. This update is crucial for maintaining the integrity and security of websites utilizing this module.
Source Reference
Date of Publication
URL
https://www.drupal.org/sa-contrib-2024-019
Disclosure: This content is produced with the assistance of AI.