Description
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
Related CPE's
Could not find any relations
References
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
9.3 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Received
Published
2024-10-11T15:15:05.613
3 months agoLast modified
2024-10-11T15:15:05.613
3 months ago