Node.Js · Node.Js · CVE-2026-26318
**Name of the Vulnerable Software and Affected Versions**
systeminformation versions prior to 5.31.0
**Description**
The systeminformation library for Node.js is vulnerable to command injection in its `versions()` function when it detects the PostgreSQL version on Linux. The function runs `locate` to find the PostgreSQL binary and passes the returned filename, unsanitized, into a command string executed by `exec()`, which hands that string to a shell. `locate` answers from a system-wide filename database built by `updatedb`, so if any indexed filename contains shell metacharacters (specifically semicolons), the shell interprets them and runs the attacker's text as a separate command with the privileges of the Node.js process. Exploitation requires a Linux host with `locate` installed, a PostgreSQL binary present in the locate database, an attacker able to create a file with a crafted name somewhere the database indexes, and an `updatedb` run after that file is created; the payload fires the next time `versions()` is called, for example from a monitoring dashboard, a CI/CD job, or a containerized service that reports host information. The package is widely deployed, at roughly 5,000,000+ downloads per week.
**Recommendations**
Update affected installations to version 5.31.0 or later. The underlying fix is to replace `exec()` with `execFile()` for the PostgreSQL binary version check, so the path reaches the child process as a single argument instead of being parsed by a shell, and to validate the `locate` output against a strict safe-path pattern (an absolute path with no whitespace or shell metacharacters) before using it at all.