Description
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Remediation
References