PT-2024-24092 · Plane · Plane

Sylwia-Budzynska · Published 2024-04-10 · Updated 2024-04-24 · CVE-2024-31461

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Plane versions prior to 0.17-dev

Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability: an attacker can make the server hosting the application issue requests to URLs of the attacker's choosing. Because the server sits inside the deployment's network, those requests can reach hosts that are not exposed to the attacker directly. The impact includes unauthorized access to internal services, potential leakage of sensitive information returned by those services, and manipulation of internal systems by interacting with internal APIs. The CVSS vector rates the flaw as exploitable over the network without authentication or user interaction (AV:N/PR:N/UI:N), with high confidentiality and integrity impact and no availability impact.

Recommendations: For versions prior to 0.17-dev, update to version 0.17-dev to resolve the issue. As a temporary workaround, restrict outgoing network connections from servers hosting the application to the services they actually need, so that a forged request cannot reach internal hosts. Additionally, implement strict validation of any URL or parameter used to build a server-side request. Such validation should be applied to the address the host actually resolves to rather than to the hostname string alone, should reject loopback, private and link-local destinations, and should be repeated on every redirect the server follows, since a redirect from an allowed host is otherwise an easy way around the check.
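One way to implement the URL validation recommended above, as an added example that is not Plane's code: the function names, the constructed DNS answers (FAKE_DNS) and the fake HTTP sender are assumptions for illustration. The guard checks the scheme and host, resolves the host and vets every returned address, pins one vetted address for the caller to connect to, and re-runs the same check on each redirect.

```python
"""Destination guard for server-side requests: a hypothetical helper, not Plane's code."""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Tuple
from urllib.parse import urljoin, urlparse

ALLOWED_SCHEMES = {"http", "https"}
# The ipaddress flags cover RFC 1918, loopback, link-local (incl. 169.254.169.254),
# multicast, reserved and TEST-NET space; 100.64.0.0/10 is not flagged, so add it.
EXTRA_BLOCKED = [ipaddress.ip_network("100.64.0.0/10")]
Resolver = Callable[[str], Iterable[str]]


class SSRFError(ValueError):
    """Raised when an outbound URL would reach a forbidden destination."""


def is_forbidden_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return True
    return any(ip in net for net in EXTRA_BLOCKED)


def resolve_all(host: str) -> List[str]:
    """Every A/AAAA answer (each is vetted); also turns shorthand like '127.1' into a dotted quad."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        raise SSRFError(f"cannot resolve {host!r}: {exc}") from exc
    return sorted({info[4][0] for info in infos})


def validate_outbound_url(url: str, resolver: Resolver = resolve_all) -> Tuple[str, str]:
    """Return (host, pinned_ip) for a URL that is safe to fetch, else raise SSRFError."""
    parts = urlparse(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        raise SSRFError("URL has no host")
    if parts.username is not None or parts.password is not None:
        raise SSRFError("credentials in URL are not allowed")
    try:
        candidates = [str(ipaddress.ip_address(host))]  # literal IP: no lookup needed
    except ValueError:
        candidates = list(resolver(host))
    if not candidates:
        raise SSRFError(f"{host!r} did not resolve to any address")
    for addr in candidates:
        if is_forbidden_address(addr):
            raise SSRFError(f"{host!r} resolves to forbidden address {addr}")
    # Pin one vetted address: the caller connects to it with Host: <host> and never
    # re-resolves, which closes the DNS-rebinding window after this check.
    return host, candidates[0]


def fetch_with_revalidation(url: str, send: Callable[[str, str], Tuple[int, Dict[str, str]]],
                            resolver: Resolver = resolve_all, max_hops: int = 3) -> Tuple[int, Dict[str, str], str]:
    """Follow redirects by hand, re-checking every hop; send(url, pinned_ip) -> (status, headers)."""
    current = url
    for _ in range(max_hops + 1):
        _, pinned = validate_outbound_url(current, resolver)
        status, headers = send(current, pinned)
        headers = {k.lower(): v for k, v in headers.items()}
        if not (300 <= status < 400 and "location" in headers):
            return status, headers, current
        current = urljoin(current, headers["location"])  # relative Location stays on host
    raise SSRFError(f"too many redirects starting from {url!r}")


def rejects(url: str, resolver: Resolver = resolve_all) -> bool:
    try:
        validate_outbound_url(url, resolver)
    except SSRFError:
        return True
    return False


# Constructed sample DNS answers and a fake HTTP sender so the module runs offline.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "v6.example.com": ["2001:4860:4860::8888"],
    "rebind.example.net": ["93.184.216.34", "10.0.0.5"],  # one answer is internal
    "metadata.example.net": ["169.254.169.254"],
}
fake_resolver = lambda host: FAKE_DNS.get(host, [])


def fake_send(url: str, pinned_ip: str) -> Tuple[int, Dict[str, str]]:
    """Pretend server: /hook bounces to localhost, /old to a relative path."""
    if url == "https://api.example.com/hook":
        return 302, {"Location": "http://127.0.0.1:8000/admin"}
    if url == "https://api.example.com/old":
        return 302, {"Location": "/v2/hook"}
    return 200, {"content-type": "application/json"}
```

The two points that string-only filters miss are both covered: a hostname with a mixed answer set (rebind.example.net) is refused because every resolved address is checked, and a redirect from an allowed host to 127.0.0.1 is refused because the redirect loop validates each hop instead of letting the HTTP client follow it. The pinned IP returned by validate_outbound_url is what the real sender should connect to, with the original hostname in the Host header (and as the TLS server name for https).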

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers
CVE-2024-31461
GHSA-J77V-W36V-63V6

Affected Products
Plane