EPSS
Percentile
68.8%
drupal core is vulenrable to access bypass. If a website is running RESTful Web Services and allows PATCH requests, an authenticated user can bypass access restrictions.
PATCH
www.securityfocus.com/bid/97941
www.securitytracker.com/id/1038371
www.drupal.org/SA-CORE-2017-002