2025-03-12 00:00:00
mitre
PUBLISHED
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading .svelte files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.