Description
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
Affected products
- Drupal / Core9.2.x – 9.2.6
- Drupal / Core9.1.x – 9.1.13
- Drupal / Core8.9.x – 8.9.19