Description
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Remediation
References