| purl | pkg:pypi/plone.supermodel@1.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-36xh-ua3s-gyfr (Aliases: CVE-2020-28736, GHSA-2c8c-84w2-j38j, PYSEC-2020-248) | Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | Affected by 0 other vulnerabilities. |
| VCID-5z33-3pqj-gygw (Aliases: CVE-2020-28734, GHSA-wq6x-g685-w5f2, PYSEC-2020-246) | Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | Affected by 0 other vulnerabilities. |
| VCID-z8kt-tf38-eqgc (Aliases: CVE-2020-28735, GHSA-x7wf-5mjc-6x76, PYSEC-2020-247) | Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-01T06:05:56.594171+00:00 | GitLab Importer | Affected by | VCID-5z33-3pqj-gygw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/plone.supermodel/CVE-2020-28734.yml | 38.6.0 |
| 2026-06-01T06:05:54.348680+00:00 | GitLab Importer | Affected by | VCID-z8kt-tf38-eqgc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/plone.supermodel/CVE-2020-28735.yml | 38.6.0 |
| 2026-06-01T06:05:52.267521+00:00 | GitLab Importer | Affected by | VCID-36xh-ua3s-gyfr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/plone.supermodel/CVE-2020-28736.yml | 38.6.0 |