Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/plane@0.2.1

Type pypi

Namespace

Name plane

Version 0.2.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-j738-g9q2-ebdh

vulnerability_id VCID-j738-g9q2-ebdh

summary Plane is an an open-source project management tool. Prior to version 1.2.3, the webhook URL validation in plane/app/serializers/webhook.py only checks ip.is_loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private/internal network addresses (10.x.x.x, 172.16.x.x, 192.168.x.x, 169.254.169.254, etc.). When webhook events fire, the server makes requests to these internal addresses and stores the response — enabling SSRF with full response read-back. This issue has been patched in version 1.2.3.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-30242

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03107
published_at	2026-06-12T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03093
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-30242

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-30242

reference_id

CVE-2026-30242

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-30242

reference_url

https://github.com/advisories/GHSA-fpx8-73gf-7x73

reference_id

GHSA-fpx8-73gf-7x73

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fpx8-73gf-7x73

reference_url

https://github.com/makeplane/plane/security/advisories/GHSA-fpx8-73gf-7x73

reference_id

GHSA-fpx8-73gf-7x73

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:43:39Z/

url

https://github.com/makeplane/plane/security/advisories/GHSA-fpx8-73gf-7x73

reference_url

https://github.com/makeplane/plane/releases/tag/v1.2.3

reference_id

v1.2.3

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:43:39Z/

url

https://github.com/makeplane/plane/releases/tag/v1.2.3

fixed_packages

url	pkg:pypi/plane@1.2.3
purl	pkg:pypi/plane@1.2.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/plane@1.2.3

aliases CVE-2026-30242, GHSA-fpx8-73gf-7x73

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j738-g9q2-ebdh

url

VCID-rmpa-4mte-akcn

vulnerability_id

VCID-rmpa-4mte-akcn

summary

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission classes being incorrectly configured to allow anonymous access to protected endpoints. This issue has been patched in version 1.2.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-30244

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09926
published_at	2026-06-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09878
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-30244

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-30244

reference_id

CVE-2026-30244

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-30244

reference_url

https://github.com/advisories/GHSA-87x4-j8vh-p5qf

reference_id

GHSA-87x4-j8vh-p5qf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-87x4-j8vh-p5qf

reference_url

https://github.com/makeplane/plane/security/advisories/GHSA-87x4-j8vh-p5qf

reference_id

GHSA-87x4-j8vh-p5qf

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:43:56Z/

url

https://github.com/makeplane/plane/security/advisories/GHSA-87x4-j8vh-p5qf

reference_url

https://github.com/makeplane/plane/releases/tag/v1.2.2

reference_id

v1.2.2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-09T20:43:56Z/

url

https://github.com/makeplane/plane/releases/tag/v1.2.2

fixed_packages

aliases

CVE-2026-30244, GHSA-87x4-j8vh-p5qf

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rmpa-4mte-akcn

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plane@0.2.1

Package Instance