VYPR
Critical severity 9.1 · OSV Advisory · Published Apr 10, 2024 · Updated Apr 15, 2026

CVE-2024-31461

Description

Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, and manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.

Affected products

  • Plane/Plane (OSV), 2 versions
    v0.1-dev, v0.10-dev, v0.11-dev, …+ 1 more
    • (no CPE) range: v0.1-dev, v0.10-dev, v0.11-dev, …
    • (no CPE) range: <0.17-dev
