The entity_access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
entity api project entity api 7.x-1.2 |
||
entity api project entity api 7.x-1.0 |
||
entity api project entity api 7.x-1.1 |
||
fedoraproject fedora 19 |
||
fedoraproject fedora 20 |