HIGH 8.8
PYSEC-2026-735
Improper Restriction of XML External Entity Reference in Plone
상세
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2020-28736 [ADVISORY]
- https://github.com/plone/Products.CMFPlone/issues/3209 [WEB]
- https://dist.plone.org/release/5.2.3/RELEASE-NOTES.txt [WEB]
- https://github.com/advisories/GHSA-2c8c-84w2-j38j [ADVISORY]
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2020-248.yaml [WEB]
- https://www.misakikata.com/codes/plone/python-en.html [WEB]
- https://pypi.org/project/plone-supermodel [PACKAGE]