CVE-2020-28734

Improper Restriction of XML External Entity Reference in pypi/Plone

Identifier

CVE-2020-28734

Package Slug

pypi/Plone

Vulnerability

Improper Restriction of XML External Entity Reference

Description

Plone allows XXE attacks via a feature that is explicitly only available to the Manager role.

Affected Versions

All versions before 5.2.3

Solution

Upgrade to version 5.2.3 or above.

Last Modified

2021-01-06

source