POC / docker-compose.yml YML
# The top-level `version` key is obsolete in the Compose Specification; Docker
# Compose v2 ignores it and prints a warning. Only legacy docker-compose v1
# reads it, so it is harmless to keep.
version: '3.8'

# Minimal Plunk triage environment for CVE research (SNS SSRF)
# Omits: MinIO, ntfy, SMTP — only what's needed to reach /webhooks/sns

services:
  # PostgreSQL backing store for the triage stack. No `ports:` mapping is
  # declared, so it is reachable only from containers on plunk-triage.
  postgres:
    container_name: plunk-triage-postgres
    image: postgres:16-alpine
    networks:
      - plunk-triage
    environment:
      POSTGRES_USER: plunk
      POSTGRES_DB: plunk
      # Falls back to a throwaway password when DB_PASSWORD is unset; the same
      # expression is interpolated into the plunk service's database URLs.
      POSTGRES_PASSWORD: ${DB_PASSWORD:-testpass}
    # Readiness probe that gates plunk's `condition: service_healthy`.
    healthcheck:
      test:
        - CMD-SHELL
        - pg_isready -U plunk
      retries: 10
      timeout: 3s
      interval: 5s

  # Redis for the plunk service. This file sets no password and declares no
  # `ports:` mapping, so it is reachable only on the plunk-triage network.
  redis:
    container_name: plunk-triage-redis
    image: redis:7-alpine
    networks:
      - plunk-triage
    # Readiness probe that gates plunk's `condition: service_healthy`.
    healthcheck:
      test:
        - CMD
        - redis-cli
        - ping
      retries: 10
      timeout: 3s
      interval: 5s

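  # Plunk application container (nginx + API) under test. The image is a
  # deliberately vulnerable build, so everything below aims to keep it
  # reachable from the research host only.
  plunk:
    # Pinned by digest rather than a tag so the environment keeps resolving to
    # the same build even after the upstream tag moves.
    image: ghcr.io/useplunk/plunk@sha256:729961b121923477c568e3e5b4698dfb1efcd87a7dbeea60cb538ba83b2f19da  # pinned vulnerable version (was :latest on 2026-03-02)
    container_name: plunk-triage-api
    # Start only after both backing services pass their healthchecks.
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    ports:
      # Publish on loopback only. A bare "9080:80" binds every host interface
      # and would expose the vulnerable service to the local network.
      - "127.0.0.1:9080:80"      # nginx on 80 → exposed as localhost:9080
    environment:
      SERVICE: all
      NODE_ENV: production

      # DB / Redis
      # DB_PASSWORD is interpolated into the URLs unescaped: a value containing
      # URL-reserved characters (@ : / ? #) must be percent-encoded by the
      # caller, or the connection string will be mis-parsed.
      DATABASE_URL: postgresql://plunk:${DB_PASSWORD:-testpass}@postgres:5432/plunk
      DIRECT_DATABASE_URL: postgresql://plunk:${DB_PASSWORD:-testpass}@postgres:5432/plunk
      REDIS_URL: redis://redis:6379

      # Security
      # The fallback is a fixed, published value; set JWT_SECRET if the
      # instance will hold anything beyond disposable test data.
      JWT_SECRET: ${JWT_SECRET:-triage-test-jwt-secret-do-not-use-in-prod}

      # Nginx domain routing (subdomain-based)
      # Quoted so the value stays a string regardless of the YAML loader.
      NGINX_PORT: "80"
      API_DOMAIN: ${API_DOMAIN:-api.localhost}
      DASHBOARD_DOMAIN: ${DASHBOARD_DOMAIN:-app.localhost}
      LANDING_DOMAIN: ${LANDING_DOMAIN:-www.localhost}
      WIKI_DOMAIN: ${WIKI_DOMAIN:-docs.localhost}
      USE_HTTPS: "false"

      # Explicit URIs (also set by setup-nginx.sh — provided here as belt-and-suspenders)
      # The :9080 suffix must match the host side of the `ports:` mapping.
      API_URI: http://${API_DOMAIN:-api.localhost}:9080
      DASHBOARD_URI: http://${DASHBOARD_DOMAIN:-app.localhost}:9080
      LANDING_URI: http://${LANDING_DOMAIN:-www.localhost}:9080
      WIKI_URI: http://${WIKI_DOMAIN:-docs.localhost}:9080

      # Fake AWS SES creds — not used for /webhooks/sns but required by constants.ts
      # These are the example key pair from the AWS documentation, not live
      # credentials; secret scanners may still flag them.
      AWS_SES_REGION: us-east-1
      AWS_SES_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
      AWS_SES_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
      SES_CONFIGURATION_SET: plunk-configuration-set

      # Disable DB request logging — avoids noise from missing tables during research
      REQUEST_LOGGING: "false"

      # Disable optional features
      S3_ACCESS_KEY_ID: ""
      S3_ACCESS_KEY_SECRET: ""
      STRIPE_SK: ""
      STRIPE_WEBHOOK_SECRET: ""
      PLUNK_API_KEY: ""
      PLUNK_FROM_ADDRESS: ""
      AUTO_PROJECT_DISABLE: "false"

    # Gives the container a stable name for the Docker host. Because this build
    # is SSRF-affected, services listening on the host become reachable through
    # it; run the stack on an isolated research machine.
    extra_hosts:
      - "host.docker.internal:host-gateway"   # Linux fallback; macOS has this natively
    networks:
      - plunk-triage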

# Dedicated user-defined bridge network shared by postgres, redis and plunk.
# Services resolve each other by service name on it (e.g. `postgres`, `redis`
# in the connection URLs above).
networks:
  plunk-triage:
    # A bridge network is not isolated from the outside: containers keep
    # outbound connectivity through the host.
    driver: bridge