Vulnerability Information
Vulnerability Title
Plane allows server side request forgery via /_next/image endpoint
Vulnerability Description
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Plane security vulnerability
Vulnerability Description
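Plane is an open-source, self-hosted project planning tool from Plane. Versions of Plane before v0.23.0 contain a security vulnerability that stems from using wildcard support to retrieve images from any hostname, which may allow an attacker to induce the server side into performing requests to unintended locations.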
CVSS Information
N/A
Vulnerability Type
N/A
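Added example (not Plane's code and not taken from its fix): a check that audits a Next.js `images.remotePatterns` allowlist for hostname patterns broad enough to cover hosts it was never meant to reach, which is the `**` condition the description refers to. The wildcard matcher is a simplified approximation of Next.js semantics, and the configs, probe URLs and function names are constructed for illustration.

```javascript
// Added example: audit a Next.js `images.remotePatterns` allowlist.
// Wildcard matching here is a simplified approximation of Next.js semantics:
// `*` matches one subdomain label, `**` matches any number of labels.
function hostnameToRegex(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*\*|\*/g, (m) => (m === "**" ? ".*" : "[^.]*"));
  return new RegExp(`^${body}$`, "i");
}

// True if the allowlist would let the image optimizer fetch this URL.
function isHostAllowed(remotePatterns, url) {
  const { protocol, hostname } = new URL(url);
  return remotePatterns.some(
    (p) =>
      (!p.protocol || `${p.protocol}:` === protocol) &&
      hostnameToRegex(p.hostname).test(hostname)
  );
}

// Constructed probe URLs for hosts no image allowlist should cover.
const PROBES = [
  "https://unlisted-host.invalid/x.png",
  "https://service.corp.internal/x.png",
];

// Report every pattern that accepts at least one probe.
function auditRemotePatterns(remotePatterns) {
  return remotePatterns
    .map((p, index) => ({
      index,
      hostname: p.hostname,
      accepts: PROBES.filter((u) => isHostAllowed([p], u)),
    }))
    .filter((finding) => finding.accepts.length > 0);
}

// Constructed configs: the weak form mirrors the `**` hostname described in
// the advisory; the hardened hosts are hypothetical.
const weakPatterns = [{ protocol: "https", hostname: "**" }];
const hardenedPatterns = [
  { protocol: "https", hostname: "images.example.com" },
  { protocol: "https", hostname: "*.cdn.example.com" },
];

console.log(auditRemotePatterns(weakPatterns));
console.log(auditRemotePatterns(hardenedPatterns));
```

Running the audit in CI against the `remotePatterns` array exported by the project's Next.js config catches a catch-all hostname before it ships.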