Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.
References
Link | Resource |
---|---|
https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205 | Product |
https://github.com/plentico/plenti/releases/tag/v0.7.2 | Release Notes |
https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/ | Exploit Third Party Advisory |
Configurations
History
14 Nov 2024, 23:04
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Plenti plenti
Plenti |
|
References | () https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205 - Product | |
References | () https://github.com/plentico/plenti/releases/tag/v0.7.2 - Release Notes | |
References | () https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:plenti:plenti:*:*:*:*:*:*:*:* | |
CWE | CWE-22 |
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Oct 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 14:15
Updated : 2024-11-14 23:04
NVD link : CVE-2024-49381
Mitre link : CVE-2024-49381
CVE.ORG link : CVE-2024-49381
JSON object : View
Products Affected
plenti
- plenti