<p>Upgrade <code>Plone</code> to version 5.2.3 or higher.</p>

Server-side Request Forgery (SSRF) Affecting plone package, versions [,5.2.3)

Snyk CVSS

Attack Complexity High

Privileges Required High

Availability High

Threat Intelligence

EPSS 0.28% (69^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-PLONE-1055012
published 31 Dec 2020
disclosed 31 Dec 2020
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 31 Dec 2020

CVE-2020-28735 Open this link in a new tab CWE-918 Open this link in a new tab

How to fix?

Upgrade Plone to version 5.2.3 or higher.

Overview

Plone is an user friendly and extensible Content Management System running on top of Python and Zope.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the tracebacks feature (only available to the Manager role).

References

GitHub Issue
Plone Release Note