Plenti arbitrary file deletion vulnerability
High severity
GitHub Reviewed
Published
Oct 31, 2024
to the GitHub Advisory Database
•
Updated Oct 31, 2024
Package
Affected versions
< 0.7.2
Patched versions
0.7.2
Description
Published by the National Vulnerability Database
Oct 25, 2024
Published to the GitHub Advisory Database
Oct 31, 2024
Reviewed
Oct 31, 2024
Last updated
Oct 31, 2024
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The
/postLocal
endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.References