The vulnerability stems from improper validation of redirect URLs. Multiple sources (Plone security hotfix notes, CVE description, and mailing list discussion) explicitly reference the isURLInPortal check being bypassed. This function is responsible for ensuring URLs belong to the portal domain before allowing redirects. The hotfix addressed this by strengthening its validation logic, confirming its role in the vulnerability. While no direct code diffs are available, the consistent references to this function across all vulnerability descriptions provide high-confidence attribution.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Plone | pip | >= 4.0, < 4.3.20 | 4.3.20 |
| Plone | pip | >= 5.0rc1, < 5.1.7 | 5.1.7 |
| Plone | pip | >= 5.2.0, < 5.2.2 | 5.2.2 |