{"id":"GO-2024-3213","summary":"Plenti arbitrary file write vulnerability in github.com/plentico/plenti","details":"Plenti arbitrary file write vulnerability in github.com/plentico/plenti","aliases":["CVE-2024-49380","GHSA-2p96-p7qh-4rgr"],"modified":"2026-03-03T04:55:55.335974Z","published":"2024-10-28T15:20:02Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-3213","review_status":"UNREVIEWED"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-49380"},{"type":"WEB","url":"https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205"},{"type":"WEB","url":"https://github.com/plentico/plenti/releases/tag/v0.7.2"},{"type":"WEB","url":"https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"}],"affected":[{"package":{"name":"github.com/plentico/plenti","ecosystem":"Go","purl":"pkg:golang/github.com/plentico/plenti"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.7.2"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3213.json"}}],"schema_version":"1.7.3"}