github.com/plentico/plenti
Go3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/plentico/plentipage 1 of 1
- CVE-2024-49380HIGHCVSS 7.5EG 7.5✓ Fixed in 0.7.22024-10-25
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may…
- CVE-2024-49381HIGHCVSS 7.5EG 7.5✓ Fixed in 0.7.22024-10-25
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may l…
- CVE-2025-26260HIGHCVSS 8.8EG 8.82025-03-12
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.
Check whether github.com/plentico/plenti is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/plentico/plenti CVEs against the assets you own.
Start Free Scan →