Suggestions search

All statuses

Filter by:

With package: python313Packages.envoy-data-plane

Found 12 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-27705

created 1 month, 3 weeks ago

Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch

Plane is an an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/asset/v2.py` (lines 579–593) performs a global asset lookup using only the asset ID (`pk`) via `FileAsset.objects.get(id=pk)`, without verifying that the asset belongs to the workspace and project specified in the URL path. This allows any authenticated user (including those with the GUEST role) to modify the `attributes` and `is_uploaded` status of assets belonging to any workspace or project in the entire Plane instance by guessing or enumerating asset UUIDs. Version 1.2.2 fixes the issue.

References

https://github.com/makeplane/plane/security/advisories/GHSA-rfj3-8c85-g46j x_refsource_CONFIRM
https://github.com/makeplane/plane/commit/9070acbbe81bc02db5c169789da6862d5fc35d96 x_refsource_MISC
https://github.com/makeplane/plane/releases/tag/v1.2.2 x_refsource_MISC

Affected products

plane

==< 1.2.2

Matching in nixpkgs

pkgs.xplanet

Renders an image of the earth or other planets into the X root window

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-25.11 1.3.1
- nixos-25.11-small 1.3.1
- nixpkgs-25.11-darwin 1.3.1

pkgs.freeplane

Mind-mapping software

nixos-unstable 1.12.16
- nixpkgs-unstable 1.12.16
- nixos-unstable-small 1.12.16
nixos-25.11 1.12.12
- nixos-25.11-small 1.12.12
- nixpkgs-25.11-darwin 1.12.12

pkgs.m2-planet

PLAtform NEutral Transpiler

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.13.1
- nixos-25.11-small 1.13.1
- nixpkgs-25.11-darwin 1.13.1

pkgs.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8
nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.microplane

CLI tool to make git changes across many repos

nixos-unstable 0.0.37
- nixpkgs-unstable 0.0.37
- nixos-unstable-small 0.0.37
nixos-25.11 0.0.37
- nixos-25.11-small 0.0.37
- nixpkgs-25.11-darwin 0.0.37

pkgs.paper-plane

Chat over Telegram on a modern and elegant client

nixos-unstable 0.1.0-beta.5
- nixpkgs-unstable 0.1.0-beta.5
- nixos-unstable-small 0.1.0-beta.5
nixos-25.11 0.1.0-beta.5
- nixos-25.11-small 0.1.0-beta.5
- nixpkgs-25.11-darwin 0.1.0-beta.5

pkgs.invoiceplane

Self-hosted open source application for managing your invoices, clients and payments

nixos-unstable 1.7.1
- nixpkgs-unstable 1.7.1
- nixos-unstable-small 1.7.1

pkgs.m2-mesoplanet

Macro Expander Saving Our m2-PLANET

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 1.11.0
- nixos-25.11-small 1.11.0
- nixpkgs-25.11-darwin 1.11.0

pkgs.crossplane-cli

Utility to make using Crossplane easier

nixos-unstable 2.1.3
- nixpkgs-unstable 2.1.3
- nixos-unstable-small 2.1.3
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.biplanes-revival

Old cellphone arcade recreated for PC

nixos-unstable 1.2.1
- nixpkgs-unstable 1.2.1
- nixos-unstable-small 1.2.1
nixos-25.11 1.2.1
- nixos-25.11-small 1.2.1
- nixpkgs-25.11-darwin 1.2.1

pkgs.planetary_annihilation

Next-generation RTS that takes the genre to a planetary scale

nixos-unstable 62857
- nixpkgs-unstable 62857
- nixos-unstable-small 62857
nixos-25.11 62857
- nixos-25.11-small 62857
- nixpkgs-25.11-darwin 62857

pkgs.perlPackages.MathPlanePath

Points on a path through the 2-D plane

nixos-unstable 129
- nixpkgs-unstable 129
- nixos-unstable-small 129
nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.perl5Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-unstable 129
- nixpkgs-unstable 129
- nixos-unstable-small 129

pkgs.dprint-plugins.g-plane-malva

CSS, SCSS, Sass and Less formatter.

nixos-unstable 0.15.1
- nixpkgs-unstable 0.15.1
- nixos-unstable-small 0.15.1
nixos-25.11 0.15.1
- nixos-25.11-small 0.15.1
- nixpkgs-25.11-darwin 0.15.1

pkgs.python312Packages.crossplane

NGINX configuration file parser and builder

nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.python313Packages.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8
nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.python314Packages.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8

pkgs.perl538Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.perl540Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.dprint-plugins.g-plane-markup_fmt

HTML, Vue, Svelte, Astro, Angular, Jinja, Twig, Nunjucks, and Vento formatter.

nixos-unstable 0.25.3
- nixpkgs-unstable 0.25.3
- nixos-unstable-small 0.25.3
nixos-25.11 0.25.3
- nixos-25.11-small 0.25.3
- nixpkgs-25.11-darwin 0.25.3

pkgs.dprint-plugins.g-plane-pretty_yaml

YAML formatter.

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.gnomeExtensions.sane-airplane-mode

Make airplane mode sane again! This extension gives you better control over the airplane mode and lets you turn off the annoying "Bluetooth gets turned on when I disable airplane mode" behaviour.

pkgs.python313Packages.envoy-data-plane

Python dataclasses for the Envoy Data-Plane-API

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

pkgs.python314Packages.envoy-data-plane

Python dataclasses for the Envoy Data-Plane-API

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

pkgs.python312Packages.planetary-computer

Planetary Computer SDK for Python

nixos-25.11 1.0.0.post0
- nixos-25.11-small 1.0.0.post0
- nixpkgs-25.11-darwin 1.0.0.post0

pkgs.python313Packages.planetary-computer

Planetary Computer SDK for Python

nixos-unstable 1.0.0.post0
- nixpkgs-unstable 1.0.0.post0
- nixos-unstable-small 1.0.0.post0
nixos-25.11 1.0.0.post0
- nixos-25.11-small 1.0.0.post0
- nixpkgs-25.11-darwin 1.0.0.post0

pkgs.python314Packages.planetary-computer

Planetary Computer SDK for Python

nixos-unstable 1.0.0.post0
- nixpkgs-unstable 1.0.0.post0
- nixos-unstable-small 1.0.0.post0

pkgs.dprint-plugins.g-plane-pretty_graphql

GraphQL formatter.

nixos-unstable 0.2.3
- nixpkgs-unstable 0.2.3
- nixos-unstable-small 0.2.3
nixos-25.11 0.2.3
- nixos-25.11-small 0.2.3
- nixpkgs-25.11-darwin 0.2.3

pkgs.haskellPackages.amazonka-iot-dataplane

Amazon IoT Data Plane SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.haskellPackages.amazonka-iot-jobs-dataplane

Amazon IoT Jobs Data Plane SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.vscode-extensions.gplane.wasm-language-tools

Language support of WebAssembly

nixos-unstable 1.16.0
- nixpkgs-unstable 1.16.0
- nixos-unstable-small 1.16.0

pkgs.haskellPackages.amazonka-mediastore-dataplane

Amazon Elemental MediaStore Data Plane SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

Package maintainers

@KAction Dmitry Bogatov <KAction@disroot.org>
@selfuryon Sergei Iakovlev <siakovlev@pm.me>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@charles-dyfis-net Charles Duffy <charles@dyfis.net>
@honnip Jung seungwoo <me@honnip.page>
@onny Jonas Heinrich <onny@project-insanity.org>
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
@emilytrau Emily Trau <emily+nix@downunderctf.com>
@06kellyjac Jack <hello+nixpkgs@j-k.io>
@Artturin Artturi N <artturin@artturin.com>
@dbirks David Birks <david@birks.dev>
@Aleksanaa Aleksana QwQ <me@aleksana.moe>
@domenkozar Domen Kozar <domen@dev.si>
@daspk04 Pratyush Das <dpratyush.k@gmail.com>
@Lassulus Lassulus <lassulus@gmail.com>
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@samestep Sam Estep <sam@samestep.com>

Untriaged

Permalink CVE-2026-27706

7.7 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 month, 3 weeks ago

Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the internal network and exfiltrate the full response body. By exploiting this vulnerability, an attacker can steal sensitive data from internal services and cloud metadata endpoints. Version 1.2.2 fixes the issue.

References

https://github.com/makeplane/plane/security/advisories/GHSA-jcc6-f9v6-f7jw x_refsource_CONFIRM
https://github.com/makeplane/plane/releases/tag/v1.2.2 x_refsource_MISC

Affected products

plane

==< 1.2.2

Matching in nixpkgs

pkgs.xplanet

Renders an image of the earth or other planets into the X root window

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-25.11 1.3.1
- nixos-25.11-small 1.3.1
- nixpkgs-25.11-darwin 1.3.1

pkgs.freeplane

Mind-mapping software

nixos-unstable 1.12.16
- nixpkgs-unstable 1.12.16
- nixos-unstable-small 1.12.16
nixos-25.11 1.12.12
- nixos-25.11-small 1.12.12
- nixpkgs-25.11-darwin 1.12.12

pkgs.m2-planet

PLAtform NEutral Transpiler

nixos-unstable 1.13.1
- nixpkgs-unstable 1.13.1
- nixos-unstable-small 1.13.1
nixos-25.11 1.13.1
- nixos-25.11-small 1.13.1
- nixpkgs-25.11-darwin 1.13.1

pkgs.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8
nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.microplane

CLI tool to make git changes across many repos

nixos-unstable 0.0.37
- nixpkgs-unstable 0.0.37
- nixos-unstable-small 0.0.37
nixos-25.11 0.0.37
- nixos-25.11-small 0.0.37
- nixpkgs-25.11-darwin 0.0.37

pkgs.paper-plane

Chat over Telegram on a modern and elegant client

nixos-unstable 0.1.0-beta.5
- nixpkgs-unstable 0.1.0-beta.5
- nixos-unstable-small 0.1.0-beta.5
nixos-25.11 0.1.0-beta.5
- nixos-25.11-small 0.1.0-beta.5
- nixpkgs-25.11-darwin 0.1.0-beta.5

pkgs.invoiceplane

Self-hosted open source application for managing your invoices, clients and payments

nixos-unstable 1.7.1
- nixpkgs-unstable 1.7.1
- nixos-unstable-small 1.7.1

pkgs.m2-mesoplanet

Macro Expander Saving Our m2-PLANET

nixos-unstable 1.11.0
- nixpkgs-unstable 1.11.0
- nixos-unstable-small 1.11.0
nixos-25.11 1.11.0
- nixos-25.11-small 1.11.0
- nixpkgs-25.11-darwin 1.11.0

pkgs.crossplane-cli

Utility to make using Crossplane easier

nixos-unstable 2.1.3
- nixpkgs-unstable 2.1.3
- nixos-unstable-small 2.1.3
nixos-25.11 2.0.2
- nixos-25.11-small 2.0.2
- nixpkgs-25.11-darwin 2.0.2

pkgs.biplanes-revival

Old cellphone arcade recreated for PC

nixos-unstable 1.2.1
- nixpkgs-unstable 1.2.1
- nixos-unstable-small 1.2.1
nixos-25.11 1.2.1
- nixos-25.11-small 1.2.1
- nixpkgs-25.11-darwin 1.2.1

pkgs.planetary_annihilation

Next-generation RTS that takes the genre to a planetary scale

nixos-unstable 62857
- nixpkgs-unstable 62857
- nixos-unstable-small 62857
nixos-25.11 62857
- nixos-25.11-small 62857
- nixpkgs-25.11-darwin 62857

pkgs.perlPackages.MathPlanePath

Points on a path through the 2-D plane

nixos-unstable 129
- nixpkgs-unstable 129
- nixos-unstable-small 129
nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.perl5Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-unstable 129
- nixpkgs-unstable 129
- nixos-unstable-small 129

pkgs.dprint-plugins.g-plane-malva

CSS, SCSS, Sass and Less formatter.

nixos-unstable 0.15.1
- nixpkgs-unstable 0.15.1
- nixos-unstable-small 0.15.1
nixos-25.11 0.15.1
- nixos-25.11-small 0.15.1
- nixpkgs-25.11-darwin 0.15.1

pkgs.python312Packages.crossplane

NGINX configuration file parser and builder

nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.python313Packages.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8
nixos-25.11 0.5.8
- nixos-25.11-small 0.5.8
- nixpkgs-25.11-darwin 0.5.8

pkgs.python314Packages.crossplane

NGINX configuration file parser and builder

nixos-unstable 0.5.8
- nixpkgs-unstable 0.5.8
- nixos-unstable-small 0.5.8

pkgs.perl538Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.perl540Packages.MathPlanePath

Points on a path through the 2-D plane

nixos-25.11 129
- nixos-25.11-small 129
- nixpkgs-25.11-darwin 129

pkgs.dprint-plugins.g-plane-markup_fmt

HTML, Vue, Svelte, Astro, Angular, Jinja, Twig, Nunjucks, and Vento formatter.

nixos-unstable 0.25.3
- nixpkgs-unstable 0.25.3
- nixos-unstable-small 0.25.3
nixos-25.11 0.25.3
- nixos-25.11-small 0.25.3
- nixpkgs-25.11-darwin 0.25.3

pkgs.dprint-plugins.g-plane-pretty_yaml

YAML formatter.

nixos-unstable 0.6.0
- nixpkgs-unstable 0.6.0
- nixos-unstable-small 0.6.0
nixos-25.11 0.6.0
- nixos-25.11-small 0.6.0
- nixpkgs-25.11-darwin 0.6.0

pkgs.gnomeExtensions.sane-airplane-mode

Make airplane mode sane again! This extension gives you better control over the airplane mode and lets you turn off the annoying "Bluetooth gets turned on when I disable airplane mode" behaviour.

pkgs.python313Packages.envoy-data-plane

Python dataclasses for the Envoy Data-Plane-API

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

pkgs.python314Packages.envoy-data-plane

Python dataclasses for the Envoy Data-Plane-API

nixos-unstable 1.0.3
- nixpkgs-unstable 1.0.3
- nixos-unstable-small 1.0.3

pkgs.python312Packages.planetary-computer

Planetary Computer SDK for Python

nixos-25.11 1.0.0.post0
- nixos-25.11-small 1.0.0.post0
- nixpkgs-25.11-darwin 1.0.0.post0

pkgs.python313Packages.planetary-computer

Planetary Computer SDK for Python

nixos-unstable 1.0.0.post0
- nixpkgs-unstable 1.0.0.post0
- nixos-unstable-small 1.0.0.post0
nixos-25.11 1.0.0.post0
- nixos-25.11-small 1.0.0.post0
- nixpkgs-25.11-darwin 1.0.0.post0

pkgs.python314Packages.planetary-computer

Planetary Computer SDK for Python

nixos-unstable 1.0.0.post0
- nixpkgs-unstable 1.0.0.post0
- nixos-unstable-small 1.0.0.post0

pkgs.dprint-plugins.g-plane-pretty_graphql

GraphQL formatter.

nixos-unstable 0.2.3
- nixpkgs-unstable 0.2.3
- nixos-unstable-small 0.2.3
nixos-25.11 0.2.3
- nixos-25.11-small 0.2.3
- nixpkgs-25.11-darwin 0.2.3

pkgs.haskellPackages.amazonka-iot-dataplane

Amazon IoT Data Plane SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.haskellPackages.amazonka-iot-jobs-dataplane

Amazon IoT Jobs Data Plane SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.vscode-extensions.gplane.wasm-language-tools

Language support of WebAssembly

nixos-unstable 1.16.0
- nixpkgs-unstable 1.16.0
- nixos-unstable-small 1.16.0

pkgs.haskellPackages.amazonka-mediastore-dataplane

Amazon Elemental MediaStore Data Plane SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

Package maintainers

@KAction Dmitry Bogatov <KAction@disroot.org>
@selfuryon Sergei Iakovlev <siakovlev@pm.me>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@charles-dyfis-net Charles Duffy <charles@dyfis.net>
@honnip Jung seungwoo <me@honnip.page>
@onny Jonas Heinrich <onny@project-insanity.org>
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
@emilytrau Emily Trau <emily+nix@downunderctf.com>
@06kellyjac Jack <hello+nixpkgs@j-k.io>
@Artturin Artturi N <artturin@artturin.com>
@dbirks David Birks <david@birks.dev>
@Aleksanaa Aleksana QwQ <me@aleksana.moe>
@domenkozar Domen Kozar <domen@dev.si>
@daspk04 Pratyush Das <dpratyush.k@gmail.com>
@Lassulus Lassulus <lassulus@gmail.com>
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@samestep Sam Estep <sam@samestep.com>