CVE-2024-47830 Plane allows server side request forgery via /_next/image endpoint

Plane is an open-source project management tool. Plane uses the wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0...

Mail.ru: SSRF on fleet.city-mobil.ru leads to local file read

SSRF/LFR vulnerability via image retrieving functionality of operator's cabinet of fleet.city-mobil.ru...