CVE-2021-33926 Information

Description

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1, 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows an attacker to access sensitive information via the RSS feed portlet.

Reference

https://github.com/s-kustm/Subodh/blob/master/Plone%205.2.4%20Vulnerable%20to%20bilend%20SSRF.pdf
https://plone.org/security/hotfix/20210518/blind-ssrf-via-feedparser-accessing-an-internal-url
https://plone.org/security/hotfix/20210518
