CVE-2014-1398

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.

Date published : 2018-04-10

http://www.securityfocus.com/bid/64729

https://bugzilla.redhat.com/show_bug.cgi?id=1050802