VYPR
Unrated severity · NVD Advisory · Published Oct 11, 2024 · Updated Oct 15, 2024

Plane allows server side request forgery via /_next/image endpoint

CVE-2024-47830

Description

Plane is an open-source project management tool. The image configuration in /web/next.config.js uses ** wildcard support, which allows images to be retrieved from any hostname. This may permit an attacker to induce the server into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
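One way to check a Next.js images configuration for the pattern described above. This is an added example, not code from Plane or from the advisory; the function names, the two-fixed-label heuristic and both sample configurations are assumptions constructed for illustration.

```javascript
// Audit the `images` section of a next.config.js for remotePatterns whose
// hostname lets the image endpoint fetch from effectively any host.

// Heuristic (assumption of this example): a wildcard hostname is acceptable
// only when at least two fixed labels follow it, e.g. "**.example.com".
// It does not know about multi-part public suffixes such as "co.uk".
function isUnboundedHostname(hostname) {
  if (typeof hostname !== "string" || hostname === "") return true;
  const labels = hostname.split(".");
  if (!labels.some((label) => label.includes("*"))) return false;
  // Count fixed labels at the right-hand end, where the wildcard is anchored.
  let fixed = 0;
  for (let i = labels.length - 1; i >= 0 && !labels[i].includes("*"); i--) {
    fixed++;
  }
  return fixed < 2;
}

// Returns one finding per remotePatterns entry that matches any hostname.
function auditImagesConfig(images = {}) {
  const findings = [];
  (images.remotePatterns || []).forEach((pattern, index) => {
    if (isUnboundedHostname(pattern.hostname)) {
      findings.push({ index, hostname: pattern.hostname });
    }
  });
  return findings;
}

// Constructed sample: the weak shape the advisory describes.
const weakImages = {
  remotePatterns: [{ protocol: "https", hostname: "**" }],
};

// Constructed sample: hosts pinned to placeholder domains the app controls.
const restrictedImages = {
  remotePatterns: [
    { protocol: "https", hostname: "assets.example.com" },
    { protocol: "https", hostname: "**.cdn.example.com" },
  ],
};

console.log("weak:", auditImagesConfig(weakImages));
console.log("restricted:", auditImagesConfig(restrictedImages));
```

Run it against the object exported under images in next.config.js; an empty result means no entry matches arbitrary hosts under this heuristic.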


Affected products

  • Plane/Plane (no CPE): versions < 0.23.0
