CVE-2024-49381

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:plenti:plenti:*:*:*:*:*:*:*:*

History

14 Nov 2024, 23:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Plenti plenti
Plenti
References () https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205 - () https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205 - Product
References () https://github.com/plentico/plenti/releases/tag/v0.7.2 - () https://github.com/plentico/plenti/releases/tag/v0.7.2 - Release Notes
References () https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/ - () https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:plenti:plenti:*:*:*:*:*:*:*:*
CWE CWE-22

28 Oct 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Plenti, un generador de sitios estáticos, tiene una vulnerabilidad de eliminación arbitraria de archivos en versiones anteriores a la 0.7.2. El endpoint `/postLocal` es vulnerable a una eliminación arbitraria de escritura de archivos cuando un usuario de plenti accede a su sitio web. Este problema puede provocar la pérdida de información. La versión 0.7.2 corrige la vulnerabilidad.

25 Oct 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-25 14:15

Updated : 2024-11-14 23:04


NVD link : CVE-2024-49381

Mitre link : CVE-2024-49381

CVE.ORG link : CVE-2024-49381


JSON object : View

Products Affected

plenti

  • plenti
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')