Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.
CVSS
No CVSS.
References
Configurations
No configuration.
History
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Oct 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 14:15
Updated : 2024-10-28 13:58
NVD link : CVE-2024-49381
Mitre link : CVE-2024-49381
CVE.ORG link : CVE-2024-49381
JSON object : View
Products Affected
No product.
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')