The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| drupal/core(Packagist) | 9.3.0 | 9.3.6 | N/A |
| drupal/core(Packagist) | 8.0.0 | 9.2.13 | N/A |
CVSS Metrics
