First published: Fri May 21 2021
Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and model editors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Plone (Plone) | <=5.2.4 | Apply Plone hotfix 20210518 (see references below)
Plone (pip package) | <=5.2.4 | Apply Plone hotfix 20210518 (see references below)
The vulnerability ID is CVE-2021-33511.
CVE-2021-33511 is rated high severity, with a severity score of 7.5.
The affected software is Plone version up to 5.2.4.
CVE-2021-33511 allows SSRF (Server-Side Request Forgery) via the lxml parser, affecting Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel.
More information about CVE-2021-33511 is available at the following references: [Reference 1](http://www.openwall.com/lists/oss-security/2021/05/22/1) and [Reference 2](https://plone.org/security/hotfix/20210518/server-side-request-forgery-via-lxml-parser).