The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupals security advisory policy.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Rest/json |
Rest/json_project |
* |
7.x-1.5 (including) |
References