CVE-2020-28734
pypi/Plone
Improper Restriction of XML External Entity Reference
Plone allows XXE attacks via a feature that is explicitly only available to the Manager role.
All versions before 5.2.3
Upgrade to version 5.2.3 or above.
2021-01-06
source |