CVE-2021-33509: Incorrect Permission Assignment for Critical Resource in Plone

Severity: Critical

CVSS Score: 10

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.