Plone up to and including 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
CVE numbers inline below. Thanks.
On 21/05/2021 16:07, Maurits van Rees wrote:
CVE-2021-33509
CVE-2021-33512
CVE-2021-33507
CVE-2021-33513
CVE-2021-33508 issued, but I forgot that the original reporter already reserved CVE-2021-3313, which is public now with his report. My bad.
CVE-2021-33510
CVE-2021-33511
--
Maurits van Re ...