CVE-2021-33510: Server-Side Request Forgery in Plone

June 15, 2021 (updated October 18, 2024)

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.

References

github.com/advisories/GHSA-4mg4-wvmx-5332
github.com/plone/Plone
github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2021-82.yaml
nvd.nist.gov/vuln/detail/CVE-2021-33510
plone.org/security/hotfix/20210518/server-side-request-forgery-via-event-ical-url

Detect and mitigate CVE-2021-33510 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →