CVE-2024-49380
Published: 25 October 2024
Summary
CVE-2024-49380 is a high-severity Injection (CWE-74) vulnerability in the Plenti static site generator (vendor: Plenti). Its CVSS base score is 8.9 (High).
Operationally, it ranks in the top 1.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Plenti, a static site generator, contains an arbitrary file write vulnerability in versions prior to 0.7.2. The flaw resides in the /postLocal endpoint, which becomes reachable whenever a user runs the built-in website server; it is tracked under CWE-74 and CWE-78. Successful exploitation can result in remote code execution, reflected in the CVSS 4.0 score of 8.9.
An unauthenticated network attacker can send crafted requests to the endpoint and write arbitrary files to the underlying filesystem. Because the write occurs in the context of the running Plenti process, an attacker can place executable content or configuration files that lead to code execution on the host.
The issue is resolved in release 0.7.2. The project’s GitHub advisory and corresponding code change in serve.go document the fix and recommend that sites running the development server upgrade immediately.
The EPSS score is currently 0.7146, its observed peak, indicating notable exploitation interest since disclosure.
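As an added, illustrative example (not Plenti's own serve.go code and not its actual 0.7.2 fix), the following Go program shows the two controls a defender would want on a local-editing endpoint like /postLocal: every client-supplied file path is resolved against the site root and refused if it would land outside it, and the development server listens on loopback only. The JSON body shape (`file`, `content`), the handler name, the `./site` directory and the port are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"log"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested path would escape the site root.
var ErrOutsideRoot = errors.New("requested path escapes site root")

// ResolveSitePath maps a client-supplied relative path onto the site root and
// refuses anything that would resolve outside it. This is the containment
// check a file-writing endpoint needs before it opens anything for writing.
// The check is lexical: it does not follow symlinks inside the site tree.
func ResolveSitePath(root, requested string) (string, error) {
	if requested == "" {
		return "", errors.New("empty path")
	}
	// Absolute paths are rejected outright; the endpoint only addresses
	// files relative to the served site.
	if filepath.IsAbs(requested) {
		return "", ErrOutsideRoot
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans "." and ".." segments, so the containment check below
	// sees the path as the OS would resolve it.
	candidate := filepath.Join(absRoot, requested)
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return candidate, nil
}

// WriteRequest is the assumed JSON body for the example endpoint.
type WriteRequest struct {
	File    string `json:"file"`
	Content string `json:"content"`
}

// NewPostLocalHandler returns a handler that writes only inside root.
func NewPostLocalHandler(root string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		var req WriteRequest
		// Cap the body at 1 MiB so a client cannot exhaust memory.
		if err := json.NewDecoder(io.LimitReader(r.Body, 1<<20)).Decode(&req); err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		target, err := ResolveSitePath(root, req.File)
		if err != nil {
			http.Error(w, "path not allowed", http.StatusBadRequest)
			return
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			http.Error(w, "write failed", http.StatusInternalServerError)
			return
		}
		if err := os.WriteFile(target, []byte(req.Content), 0o644); err != nil {
			http.Error(w, "write failed", http.StatusInternalServerError)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	}
}

func main() {
	// Assumed site directory for the example.
	root := "./site"
	http.Handle("/postLocal", NewPostLocalHandler(root))
	// Bind to loopback only: a local editing aid has no reason to be
	// reachable from the network.
	log.Fatal(http.ListenAndServe("127.0.0.1:3000", nil))
}
```

ResolveSitePath compares cleaned paths and therefore cannot see through symlinks; if the site tree may contain symlinks pointing outside it, resolve the parent directory with filepath.EvalSymlinks and repeat the containment check on the result before writing.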
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2907
Vulnerability details
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
- CWE(s): CWE-74, CWE-78
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and verifiable flaw remediation corrects them before deployment.
- Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.
- Input validation blocks special elements that would alter OS command execution.
- Anomaly and attack monitoring identifies indicators of injection attacks (command, SQL, LDAP, etc.).