Unrated severityNVD Advisory· Published Oct 11, 2024· Updated Oct 15, 2024
Plane allows server side request forgery via /_next/image endpoint
CVE-2024-47830
Description
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1mitrex_refsource_MISC
- github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.