CVE-2021-33926: Server-Side Request Forgery in Plone CMS
(updated )
An issue in Plone CMS allows attacker to access sensitive information via the RSS feed protlet.
References
- github.com/advisories/GHSA-47p5-p3jw-w78w
- github.com/plone/Plone
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
- github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
- nvd.nist.gov/vuln/detail/CVE-2021-33926
- plone.org/security/hotfix/20210518
- plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
Detect and mitigate CVE-2021-33926 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →