drupal/core is vulnerable to Access Control Bypass. The API was not integrated with existing permission controls, resulting in access bypass for users who have access to revisions of content, but not individual items.Read More