GHSA-6h8w-hrfp-pffx

Опубликовано: 31 окт. 2024

Источник: github

Github: Прошло ревью

CVSS4: 8.9

Описание

Plenti arbitrary file deletion vulnerability

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.

Ссылки

Пакеты

Наименование

github.com/plentico/plenti

Затронутые версииВерсия исправления

< 0.7.2

0.7.2

EPSS

Процентиль: 60%

0.00404

Низкий

8.9 High

CVSS4

CVE ID

CVE-2024-49381

Дефекты

CWE-74

Связанные уязвимости

CVE-2024-49381

CVSS3: 7.5

nvd

больше 1 года назад

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.

SUSE-SU-2024:3911-1

suse-cvrf

больше 1 года назад

Security update for govulncheck-vulndb

EPSS

Процентиль: 60%

0.00404

Низкий

8.9 High

CVSS4

CVE ID

CVE-2024-49381

Дефекты

CWE-74