cvedb.io
CVE-2024-49381
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2024-10-25T14:15:12.160 · Last modified 2026-06-17T07:59:47.977

Summary

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.

Affected products

plenti — plenti

Does this affect you?

Add your gear to cvedb and we'll alert you only when plenti ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.