Please confirm what Drupal Rule is providing protecting for the following:
CVE-2019-6340 – Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
CVSS score has not been determined at this time
A site is only affected by this if one of the following conditions is met:
The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or…
the site has another web services module enabled, like JSON:API in Drupal 8, or Servicesor RESTful Web Services in Drupal 7.