Drupal RESTful Web Services Module Cross Site Request Forgery Vulnerability
The RESTful web services module for Drupal is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
The following versions are vulnerable:
RESTWS 7.x-1.x versions prior to 7.x-1.2.
RESTWS 7.x-2.x versions prior to 7.x-2.0-alpha4