CVSS 3.1 Score 7.5 of 10 (high)


Published Sep 28, 2023
Updated: Oct 5, 2023
CWE ID 200


CVE-2023-5256 is a high-severity vulnerability that affects Drupal's JSON:API module. In certain scenarios, the module can output error backtraces, potentially exposing sensitive information to anonymous users and leading to privilege escalation. The vulnerability can be mitigated by uninstalling the JSON:API module. It is important to note that this vulnerability only affects sites with the JSON:API module enabled, and the core REST and contributed GraphQL modules are not affected.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5256 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options