Plone prior to 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
plone plone