CVE-2020-28735
Severity: HIGH
WAF: Medium
CVSS 8.8
Published: 2020-12-30
CWE-918
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
WAF Coverage Analysis
Server-Side Request Forgery (SSRF)
Medium WAF Coverage
OWASP: A10:2021 SSRF
934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| plone | plone | up to 5.2.3 |
References
- dist.plone.org (Release Notes, Vendor Advisory)
- github.com (Patch, Third Party Advisory)
- www.misakikata.com (Broken Link)