CVSS Score
The vulnerability exists in the postLocal handler for the /postLocal endpoint. The handler passes a user-supplied file path to os.Remove() without sanitization or validation, so an attacker can use path traversal sequences (`../`) to delete files outside the intended content directory. The GitHub Security Lab advisory (GHSL-2024-298) identifies this as an arbitrary file deletion vulnerability, and the implementation matches that description: an untrusted path reaches os.Remove() unchanged. The fix in v0.7.2 (commit 081edfd) specifically adds path containment, confirming where the vulnerability lies.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/plentico/plenti | go | < 0.7.2 | 0.7.2 |
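The following is an added, stand-alone Go example (not Plenti's code and not the v0.7.2 patch) that reproduces the pattern described above and shows the containment check that closes it. It assumes a handler that deletes a file named by the client relative to a content root: `removeUnchecked` mirrors the vulnerable behaviour (join and call `os.Remove` on whatever the client sent), while `removeChecked` resolves the path against the root first and refuses anything that escapes it. The `runScenario` helper, the temporary directory layout and the `secret.txt` file are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var errOutsideRoot = errors.New("path escapes content root")

// resolveInRoot joins an untrusted, client-supplied path onto root and
// rejects the result if it does not stay inside root. filepath.Join cleans
// the path (collapsing "." and ".." segments), and filepath.Rel then tells us
// whether the cleaned target still sits below root. Absolute client input is
// re-rooted by Join rather than rejected, and "" (the root itself) is refused.
func resolveInRoot(root, untrusted string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absRoot, untrusted)
	rel, err := filepath.Rel(absRoot, target)
	if err != nil {
		return "", err
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutsideRoot
	}
	return target, nil
}

// removeUnchecked is the vulnerable pattern: the client-controlled path goes
// straight to os.Remove, so "../secret.txt" deletes a file outside root.
func removeUnchecked(root, untrusted string) error {
	return os.Remove(filepath.Join(root, untrusted))
}

// removeChecked is the hardened handler: containment is verified before the
// filesystem is touched. (A symlink inside root could still point outside it;
// resolve with filepath.EvalSymlinks and re-check if that matters to you.)
func removeChecked(root, untrusted string) error {
	target, err := resolveInRoot(root, untrusted)
	if err != nil {
		return err
	}
	return os.Remove(target)
}

// scenarioResult records what happened to a constructed file placed one level
// above the content root when each handler is given "../secret.txt".
type scenarioResult struct {
	UncheckedDeleted bool  // true if the vulnerable handler removed the outside file
	CheckedErr       error // error returned by the hardened handler for the same input
	SecretSurvives   bool  // true if the outside file still exists after the hardened call
}

// runScenario builds a throwaway tree (tmp/content as root, tmp/secret.txt
// outside it) and exercises both handlers with a traversal payload.
func runScenario() (scenarioResult, error) {
	var res scenarioResult
	tmp, err := os.MkdirTemp("", "traversal-demo")
	if err != nil {
		return res, err
	}
	defer os.RemoveAll(tmp)

	root := filepath.Join(tmp, "content")
	if err := os.Mkdir(root, 0o755); err != nil {
		return res, err
	}
	secret := filepath.Join(tmp, "secret.txt") // constructed target outside root
	writeSecret := func() error { return os.WriteFile(secret, []byte("constructed secret"), 0o600) }

	if err := writeSecret(); err != nil {
		return res, err
	}
	if err := removeUnchecked(root, "../secret.txt"); err != nil {
		return res, err
	}
	_, statErr := os.Stat(secret)
	res.UncheckedDeleted = os.IsNotExist(statErr)

	if err := writeSecret(); err != nil {
		return res, err
	}
	res.CheckedErr = removeChecked(root, "../secret.txt")
	_, statErr = os.Stat(secret)
	res.SecretSurvives = statErr == nil
	return res, nil
}

func main() {
	res, err := runScenario()
	if err != nil {
		fmt.Println("scenario failed:", err)
		return
	}
	fmt.Printf("unchecked handler deleted outside file: %v\n", res.UncheckedDeleted)
	fmt.Printf("checked handler error: %v; outside file survives: %v\n", res.CheckedErr, res.SecretSurvives)
}
```

The check works on the cleaned path rather than on a substring match for `..`, which is the usual mistake: `filepath.Rel` reports an escape no matter how the traversal is spelled (`posts/../../x` collapses to a sibling of the root and is rejected just like a bare `../x`).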