{"id":"CVE-2024-49381","summary":"Plenti arbitrary file deletion vulnerability","details":"Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to arbitrary file deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.","aliases":["GHSA-6h8w-hrfp-pffx","GO-2024-3214"],"modified":"2026-04-09T12:00:50.916541Z","published":"2024-10-25T13:06:13.307Z","related":["SUSE-SU-2024:3911-1","openSUSE-SU-2024:0350-1","openSUSE-SU-2024:14447-1"],"database_specific":{"cwe_ids":["CWE-74"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49381.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205"},{"type":"WEB","url":"https://github.com/plentico/plenti/releases/tag/v0.7.2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49381.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49381"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plentico/plenti","events":[{"introduced":"0"},{"fixed":"081edfd776bb6f50da302e55f9b1d44da29f69f1"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.7.2"}]}}],"versions":["v0.1.0","v0.1.1","v0.1.10","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.2","v0.1.20","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.26","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.2.0","v0.2.1","v0.2.10","v0.2.11","v0.2.12","v0.2.13","v0.2.14","v0.2.15","v0.2.16","v0.2.17","v0.2.18","v0.2.19","v0.2.2","v0.2.20","v0.2.21","v0.2.22","v0.2.23","v0.2.24","v0.2.25","v0
.2.26","v0.2.27","v0.2.28","v0.2.29","v0.2.3","v0.2.30","v0.2.31","v0.2.32","v0.2.33","v0.2.34","v0.2.35","v0.2.36","v0.2.37","v0.2.38","v0.2.39","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.2.9","v0.3.0","v0.3.1","v0.3.10","v0.3.11","v0.3.12","v0.3.13","v0.3.14","v0.3.15","v0.3.16","v0.3.17","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.4.10","v0.4.11","v0.4.12","v0.4.13","v0.4.14","v0.4.15","v0.4.16","v0.4.17","v0.4.18","v0.4.19","v0.4.2","v0.4.20","v0.4.21","v0.4.22","v0.4.23","v0.4.24","v0.4.25","v0.4.26","v0.4.27","v0.4.28","v0.4.29","v0.4.3","v0.4.30","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.4.9","v0.5.0","v0.5.1","v0.5.10","v0.5.11","v0.5.12","v0.5.13","v0.5.14","v0.5.15","v0.5.16","v0.5.17","v0.5.18","v0.5.19","v0.5.2","v0.5.20","v0.5.21","v0.5.22","v0.5.23","v0.5.24","v0.5.3","v0.5.4","v0.5.5","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.6.10","v0.6.11","v0.6.12","v0.6.13","v0.6.14","v0.6.15","v0.6.16","v0.6.17","v0.6.18","v0.6.19","v0.6.2","v0.6.20","v0.6.21","v0.6.22","v0.6.23","v0.6.24","v0.6.25","v0.6.26","v0.6.27","v0.6.28","v0.6.29","v0.6.3","v0.6.30","v0.6.31","v0.6.32","v0.6.33","v0.6.34","v0.6.35","v0.6.36","v0.6.37","v0.6.38","v0.6.39","v0.6.4","v0.6.40","v0.6.41","v0.6.42","v0.6.43","v0.6.44","v0.6.45","v0.6.46","v0.6.47","v0.6.48","v0.6.49","v0.6.5","v0.6.50","v0.6.51","v0.6.52","v0.6.53","v0.6.54","v0.6.55","v0.6.56","v0.6.57","v0.6.58","v0.6.59","v0.6.6","v0.6.60","v0.6.61","v0.6.62","v0.6.7","v0.6.8","v0.6.9","v0.7.0","v0.7.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49381.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"}]}