5 matches found
CVE-2020-28735
creationtimestamp| type| source ---|---|--- 2026-07-07 21:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq3j4zaqre2f...
CVE-2020-28735
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...
plone-app-portlets (>=5.0.0a3 <=5.0.0a4) potentially affected by CVE-2020-28735 via plone-app-event (=3.2.1)
plone-app-event PYPI version =3.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-event and may be impacted: - plone-app-portlets =5.0.0a3, =5.0.0a4 Source cves: CVE-2020-28735 Source advisory: OSV:GHSA-X7WF-5MJC-6X76...
plone-app-z3cform (>=4.0.0a1 <=4.0.0a10) potentially affected by CVE-2020-28735 via plone-app-dexterity (=2.5.2)
plone-app-dexterity PYPI version =2.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on plone-app-dexterity and may be impacted: - plone-app-z3cform =4.0.0a1, =4.0.0a10 Source cves: CVE-2020-28735 Source advisory: OSV:GHSA-X7WF-5MJC-6X76...
CVE-2020-28735
CVE-2020-28735 affects Plone versions before 5.2.3, where the tracebacks feature (accessible to the Manager role) enables SSRF attacks. The issue is described across multiple sources as a vulnerability in Plone prior to 5.2.3 that allows server-side request forgery via tracebacks. Remediation is ...