The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupals token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Context | Steven_jones | 6.x-2.0-alpha1 (including) | 6.x-2.0-alpha1 (including) |
| Context | Steven_jones | 6.x-2.0-alpha2 (including) | 6.x-2.0-alpha2 (including) |
| Context | Steven_jones | 6.x-2.0-beta1 (including) | 6.x-2.0-beta1 (including) |
| Context | Steven_jones | 6.x-2.0-beta2 (including) | 6.x-2.0-beta2 (including) |
| Context | Steven_jones | 6.x-2.0-beta3 (including) | 6.x-2.0-beta3 (including) |
| Context | Steven_jones | 6.x-2.0-beta4 (including) | 6.x-2.0-beta4 (including) |
| Context | Steven_jones | 6.x-2.0-beta5 (including) | 6.x-2.0-beta5 (including) |
| Context | Steven_jones | 6.x-2.0-beta6 (including) | 6.x-2.0-beta6 (including) |
| Context | Steven_jones | 6.x-2.0-beta7 (including) | 6.x-2.0-beta7 (including) |
| Context | Steven_jones | 6.x-2.0-rc1 (including) | 6.x-2.0-rc1 (including) |
| Context | Steven_jones | 6.x-2.0-rc2 (including) | 6.x-2.0-rc2 (including) |
| Context | Steven_jones | 6.x-2.0-rc3 (including) | 6.x-2.0-rc3 (including) |
| Context | Steven_jones | 6.x-3.0 (including) | 6.x-3.0 (including) |
| Context | Steven_jones | 6.x-3.0-alpha1 (including) | 6.x-3.0-alpha1 (including) |
| Context | Steven_jones | 6.x-3.0-alpha2 (including) | 6.x-3.0-alpha2 (including) |
| Context | Steven_jones | 6.x-3.0-beta1 (including) | 6.x-3.0-beta1 (including) |
| Context | Steven_jones | 6.x-3.0-beta2 (including) | 6.x-3.0-beta2 (including) |
| Context | Steven_jones | 6.x-3.0-beta3 (including) | 6.x-3.0-beta3 (including) |
| Context | Steven_jones | 6.x-3.0-beta4 (including) | 6.x-3.0-beta4 (including) |
| Context | Steven_jones | 6.x-3.0-beta5 (including) | 6.x-3.0-beta5 (including) |
| Context | Steven_jones | 6.x-3.0-beta6 (including) | 6.x-3.0-beta6 (including) |
| Context | Steven_jones | 6.x-3.0-beta7 (including) | 6.x-3.0-beta7 (including) |
| Context | Steven_jones | 6.x-3.0-beta8 (including) | 6.x-3.0-beta8 (including) |
| Context | Steven_jones | 6.x-3.0-rc1 (including) | 6.x-3.0-rc1 (including) |
| Context | Steven_jones | 6.x-3.0-rc2 (including) | 6.x-3.0-rc2 (including) |
| Context | Steven_jones | 6.x-3.1 (including) | 6.x-3.1 (including) |
| Context | Steven_jones | 6.x-3.x-dev (including) | 6.x-3.x-dev (including) |
| Context | Steven_jones | 7.x-3.0-alpha1 (including) | 7.x-3.0-alpha1 (including) |
| Context | Steven_jones | 7.x-3.0-alpha2 (including) | 7.x-3.0-alpha2 (including) |
| Context | Steven_jones | 7.x-3.0-alpha3 (including) | 7.x-3.0-alpha3 (including) |
| Context | Steven_jones | 7.x-3.0-beta1 (including) | 7.x-3.0-beta1 (including) |
| Context | Steven_jones | 7.x-3.0-beta2 (including) | 7.x-3.0-beta2 (including) |
| Context | Steven_jones | 7.x-3.0-beta3 (including) | 7.x-3.0-beta3 (including) |
| Context | Steven_jones | 7.x-3.0-beta4 (including) | 7.x-3.0-beta4 (including) |
| Context | Steven_jones | 7.x-3.0-beta5 (including) | 7.x-3.0-beta5 (including) |
| Context | Steven_jones | 7.x-3.0-beta6 (including) | 7.x-3.0-beta6 (including) |
| Context | Steven_jones | 7.x-3.0-beta7 (including) | 7.x-3.0-beta7 (including) |
| Context | Steven_jones | 7.x-3.x-dev (including) | 7.x-3.x-dev (including) |