Package details: pkg:pypi/plone.supermodel@1.0
purl pkg:pypi/plone.supermodel@1.0
Next non-vulnerable version 1.6.3
Latest non-vulnerable version 1.6.3
Risk 4.0
Vulnerabilities affecting this package (3)
| Vulnerability | Aliases | Summary | Fixed by |
| --- | --- | --- | --- |
| VCID-36xh-ua3s-gyfr | CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248 | Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | 1.6.3 (affected by 0 other vulnerabilities) |
| VCID-5z33-3pqj-gygw | CVE-2020-28734, GHSA-wq6x-g685-w5f2, PYSEC-2020-246 | Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | 1.6.3 (affected by 0 other vulnerabilities) |
| VCID-z8kt-tf38-eqgc | CVE-2020-28735, GHSA-x7wf-5mjc-6x76, PYSEC-2020-247 | Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 1.6.3 (affected by 0 other vulnerabilities) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-01T14:37:05.960008+00:00 | GHSA Importer | Affected by | VCID-36xh-ua3s-gyfr | https://github.com/advisories/GHSA-2c8c-84w2-j38j | 38.6.0 |
| 2026-06-01T14:37:04.083178+00:00 | GHSA Importer | Affected by | VCID-z8kt-tf38-eqgc | https://github.com/advisories/GHSA-x7wf-5mjc-6x76 | 38.6.0 |
| 2026-06-01T14:36:59.803382+00:00 | GHSA Importer | Affected by | VCID-5z33-3pqj-gygw | https://github.com/advisories/GHSA-wq6x-g685-w5f2 | 38.6.0 |
| 2026-06-01T06:05:56.590231+00:00 | GitLab Importer | Affected by | VCID-5z33-3pqj-gygw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/plone.supermodel/CVE-2020-28734.yml | 38.6.0 |
| 2026-06-01T06:05:54.343633+00:00 | GitLab Importer | Affected by | VCID-z8kt-tf38-eqgc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/plone.supermodel/CVE-2020-28735.yml | 38.6.0 |
| 2026-06-01T06:05:52.262023+00:00 | GitLab Importer | Affected by | VCID-36xh-ua3s-gyfr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/plone.supermodel/CVE-2020-28736.yml | 38.6.0 |