5 matches found
PYSEC-2021-83
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
Design/Logic Flaw
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...
Plone code issue vulnerability
Plone is the Plone Foundation's open source content management system running on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An attacker can exploit this vulnerability to initiate a server-side request using the lxml parser...
@supermodel/cli (>=0.45.0 <=0.48.1), @supermodel/lib (>=0.4.4 <=0.5.0) +1 more potentially affected by unknown CVE via jsonpointer (=4.0.1)
jsonpointer NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on jsonpointer and may be impacted: - @supermodel/cli =0.45.0, =0.4.4, =0.0.3, =0.0.9 Source cves: unknown CVE Source advisory: SNYK:JS-JSONPOINTER-598804...
Supermodel World Tour - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Supermodel World Tour published at the 'play' market has multiple vulnerabilities...