CVE-2024-49380
CVSS V2 None
CVSS V3 None
Description
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
Overview
- CVE ID
- CVE-2024-49380
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-25T13:04:01.815Z
- Last Modified Date
- 2024-10-25T14:24:31.224Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/ | x_refsource_CONFIRM |
https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205 | x_refsource_MISC |
https://github.com/plentico/plenti/releases/tag/v0.7.2 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-49380 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49380 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-26 13:35:57 | Added to TrackCVE |