Plunk Server-Side Request Forgery Vulnerability in AWS SNS Webhook Handler
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Plunk, an open-source email platform built on AWS Simple Email Service (SES). It affects versions of Plunk prior to 0.7.0 and lies in the SNS webhook handler. An unauthenticated attacker could exploit this issue by sending a crafted request that causes the server to issue an arbitrary outbound HTTP GET request to any host reachable from the server.
Impact
Successful exploitation lets an attacker make the server perform HTTP requests on their behalf, potentially leading to unauthorized access to internal services or data that are reachable from the server.
Remediation
Upgrade to Plunk version 0.7.0 or later, which addresses this vulnerability.
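The fix in 0.7.0 is Plunk's own; the following is an added example, not Plunk's code, of the shape of check that closes this class of bug in an SNS webhook handler. It assumes (standard SNS behaviour, not stated in the advisory) that the handler confirms a subscription by issuing a GET to the SubscribeURL carried in the message body, and it keeps the decision separate from the network call so it can be tested without sending any request. The sample bodies are constructed.

```javascript
// Added example (not Plunk's code). Regional SNS endpoints have the form
// sns.<region>.amazonaws.com; China-partition endpoints end in
// amazonaws.com.cn and would need to be added if used.
const SNS_HOST = /^sns\.[a-z0-9-]+\.amazonaws\.com$/;

// True only for an https URL, with no credentials or custom port, whose
// hostname is exactly a regional SNS endpoint (the anchored regex rejects
// look-alike hosts such as sns.us-east-1.amazonaws.com.attacker.example).
function isSnsSubscribeUrl(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return false; // missing or unparsable
  }
  return (
    url.protocol === "https:" &&
    url.username === "" &&
    url.password === "" &&
    url.port === "" &&
    SNS_HOST.test(url.hostname)
  );
}

// Vulnerable shape: the GET target is taken straight from the request body,
// so whoever posts to the webhook chooses the destination.
function planConfirmationVulnerable(body) {
  if (body.Type !== "SubscriptionConfirmation") return { fetch: false };
  return { fetch: true, url: body.SubscribeURL };
}

// Hardened shape: refuse any SubscribeURL that is not an SNS endpoint.
function planConfirmationHardened(body) {
  if (body.Type !== "SubscriptionConfirmation") return { fetch: false };
  if (!isSnsSubscribeUrl(body.SubscribeURL)) {
    return { fetch: false, reason: "SubscribeURL is not an AWS SNS endpoint" };
  }
  return { fetch: true, url: body.SubscribeURL };
}

// Constructed sample bodies: a forged one naming an internal host, and a
// genuine-looking one with a placeholder token.
const FORGED = {
  Type: "SubscriptionConfirmation",
  SubscribeURL: "http://internal.example/",
};
const GENUINE = {
  Type: "SubscriptionConfirmation",
  SubscribeURL:
    "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription&Token=TOKEN-PLACEHOLDER",
};
```

The caller then performs the GET only when the returned plan has `fetch: true`; a failed check should be logged, since a SubscribeURL pointing anywhere other than SNS is a clear sign of a forged webhook call.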