Go modules package
github.com/plentico/plenti
pkg:golang/github.com/plentico/plenti
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-26260 | — | < 0.7.17 | 0.7.17 | Mar 12, 2025 | Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution. | ||
| CVE-2024-49381 | — | < 0.7.2 | 0.7.2 | Oct 25, 2024 | Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fi | ||
| CVE-2024-49380 | — | < 0.7.2 | 0.7.2 | Oct 25, 2024 | Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0 |
- CVE-2025-26260Mar 12, 2025affected < 0.7.17fixed 0.7.17
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.
- CVE-2024-49381Oct 25, 2024affected < 0.7.2fixed 0.7.2
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fi
- CVE-2024-49380Oct 25, 2024affected < 0.7.2fixed 0.7.2
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0