CVE-2020-28735

Server-Side Request Forgery (SSRF) in pypi/Plone

Identifier

CVE-2020-28735

Package Slug

pypi/Plone

Vulnerability

Server-Side Request Forgery (SSRF)

Description

Plone allows SSRF attacks via the tracebacks feature (only available to the Manager role).

Affected Versions

All versions before 5.2.3

Solution

Upgrade to version 5.2.3 or above.

Last Modified

2021-01-06
