{"id":"GHSA-47p5-p3jw-w78w","summary":"Server-Side Request Forgery in Plone CMS","details":"A server-side request forgery (SSRF) issue in Plone CMS allows an attacker to access sensitive information via the RSS feed portlet.","aliases":["CVE-2021-33926","PYSEC-2023-289"],"modified":"2025-03-19T15:58:36.839514Z","published":"2023-02-17T18:30:23Z","database_specific":{"cwe_ids":["CWE-918"],"severity":"HIGH","github_reviewed":true,"nvd_published_at":"2023-02-17T18:15:00Z","github_reviewed_at":"2023-02-17T20:50:53Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33926"},{"type":"PACKAGE","url":"https://github.com/plone/Plone"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2023-289.yaml"},{"type":"WEB","url":"https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf"},{"type":"WEB","url":"https://plone.org/security/hotfix/20210518"},{"type":"WEB","url":"https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url"}],"affected":[{"package":{"name":"plone","ecosystem":"PyPI","purl":"pkg:pypi/plone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.3"},{"fixed":"5.2.5"}]}],"versions":["4.3","4.3.1","4.3.10","4.3.11","4.3.12","4.3.13","4.3.14","4.3.15","4.3.16","4.3.17","4.3.18","4.3.19","4.3.2","4.3.20","4.3.3","4.3.4","4.3.5","4.3.6","4.3.7","4.3.8","4.3.9","5.0","5.0.1","5.0.10","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","5.0a1","5.0a2","5.0a3","5.0b1","5.0b2","5.0b3","5.0b4","5.0rc1","5.0rc2","5.0rc3","5.1.0","5.1.1","5.1.2","5.1.3","5.1.4","5.1.5","5.1.6","5.1.7","5.1a1","5.1a2","5.1b1","5.1b2","5.1b3","5.1b4","5.1rc1","5.1rc2","5.2.0","5.2.1","5.2.2","5.2.3","5.2.4","5.2a1","5.2a2","5.2b1","5.2rc1","5.2rc2","5.2rc3","5.2rc4","5.2rc5"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-47p5-p3jw-w78w/GHSA-47p5-p3jw-w78w.json"}}],"schema_version":"1.7.3"
,"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}