GHSA-2p96-p7qh-4rgr

Опубликовано: 31 окт. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.9

Описание

Plenti arbitrary file write vulnerability

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.

Ссылки

Пакеты

Наименование

github.com/plentico/plenti

Затронутые версииВерсия исправления

< 0.7.2

0.7.2

EPSS

Процентиль: 98%

0.64256

Средний

8.9 High

CVSS4

CVE ID

CVE-2024-49380

Дефекты

CWE-74

CWE-78

Связанные уязвимости

CVE-2024-49380

CVSS3: 7.5

nvd

больше 1 года назад

Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.

SUSE-SU-2024:3911-1

suse-cvrf

больше 1 года назад

Security update for govulncheck-vulndb

EPSS

Процентиль: 98%

0.64256

Средний

8.9 High

CVSS4

CVE ID

CVE-2024-49380

Дефекты

CWE-74

CWE-78