GHSA-x7wf-5mjc-6x76
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x7wf-5mjc-6x76
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-x7wf-5mjc-6x76/GHSA-x7wf-5mjc-6x76.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x7wf-5mjc-6x76
- Aliases
- Published
- 2021-04-07T21:13:44Z
- Modified
- 2024-10-15T20:22:44.798676Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- SSRF attacks via tracebacks in Plone
- Details
-
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
- Database specific
{ "github_reviewed": true, "severity": "HIGH", "cwe_ids": [ "CWE-918" ], "nvd_published_at": "2020-12-30T19:15:00Z", "github_reviewed_at": "2021-04-07T19:31:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-28735
- https://github.com/plone/Products.CMFPlone/issues/3209
- https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt
- https://github.com/advisories/GHSA-x7wf-5mjc-6x76
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-247.yaml
- https://www.misakikata.com/codes/plone/python-en.html
Affected packages
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.2.3
Affected versions
3.*
3.2a1
3.2rc1
3.2
3.2.1
3.2.2
3.2.3
3.3b1
3.3rc1
3.3rc2
3.3rc3
3.3rc4
3.3rc5
3.3
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.2.7
4.3a1
4.3a2
4.3b1
4.3b2
4.3rc1
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.18
4.3.19
4.3.20
5.*
5.0a1
5.0a2
5.0a3
5.0b1
5.0b2
5.0b3
5.0b4
5.0rc1
5.0rc2
5.0rc3
5.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.0.9
5.0.10
5.1a1
5.1a2
5.1b1
5.1b2
5.1b3
5.1b4
5.1rc1
5.1rc2
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.7
5.2a1
5.2a2
5.2b1
5.2rc1
5.2rc2
5.2rc3
5.2rc4
5.2rc5
5.2.0
5.2.1
5.2.2
PyPI / plone-app-event
Package
- Name
- plone-app-event
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone-app-event
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.10
Affected versions
1.*
1.0a1
1.0a2
1.0b1
1.0b2
1.0b3
1.0b4
1.0b5
1.0b6
1.0b7
1.0b8
1.0rc1
1.0rc2
1.0rc3
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.1.a1
1.1b1
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.10
1.1.11
1.1.12
1.1.13
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
2.*
2.0a1
2.0a2
2.0a3
2.0a4
2.0a5
2.0a6
2.0a7
2.0a8
2.0a9
2.0a10
2.0a11
2.0a12
2.0a13
2.0b1
2.0b2
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
3.*
3.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.1
3.1.1
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
PyPI / plone-app-theming
Package
- Name
- plone-app-theming
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone-app-theming
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.1.6
Affected versions
1.*
1.0b1
1.0b2
1.0b3
1.0b4
1.0b5
1.0b6
1.0b7
1.0b8
1.0b9
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1a1
1.1a2
1.1b1
1.1b2
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.2.10
1.2.11
1.2.12
1.2.13
1.2.14
1.2.15
1.2.16
1.2.17
1.2.18
1.2.19
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
3.*
3.0.0
3.0.1
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
PyPI / plone-app-dexterity
Package
- Name
- plone-app-dexterity
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone-app-dexterity
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.8
Affected versions
1.*
1.0a1
1.0a2
1.0a3
1.0a4
1.0a5
1.0a6
1.0a7
1.0b1
1.0b2
1.0b3
1.0b4
1.0rc1
1.0
1.0.1
1.0.2
1.0.3
1.1
1.2
1.2.1
1.2.2
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19
2.1.20
2.2.0
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.5.0
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
PyPI / plone-supermodel
Package
- Name
- plone-supermodel
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone-supermodel