GHSA-47p5-p3jw-w78w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-47p5-p3jw-w78w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-47p5-p3jw-w78w/GHSA-47p5-p3jw-w78w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-47p5-p3jw-w78w
- Aliases
- Published
- 2023-02-17T18:30:23Z
- Modified
- 2025-03-19T15:58:36.839514Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Server-Side Request Forgery in Plone CMS
- Details
-
An issue in Plone CMS allows attacker to access sensitive information via the RSS feed protlet.
- Database specific
{ "nvd_published_at": "2023-02-17T18:15:00Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-918" ], "github_reviewed_at": "2023-02-17T20:50:53Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-33926
- https://github.com/plone/Plone
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml
- https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
- https://plone.org/security/hotfix/20210518
- https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
4.*
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.20
5.*
5.0a1
5.0a2
5.0a3
5.0b1
5.0b2
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5
5.2.0
5.2.1
5.2.2
5.2.3
5.2.4