CVE-2020-28736

Improper Restriction of XML External Entity Reference in pypi/Plone

Identifier

CVE-2020-28736

Package Slug

pypi/Plone

Vulnerability

Improper Restriction of XML External Entity Reference

Description

Plone allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).

Affected Versions

All versions before 5.2.3

Solution

Upgrade to version 5.2.3 or above.

Last Modified

2021-01-06
