GHSA-mj4v-hp69-27x5: Plenti - Code Injection - Denial of Services

February 5, 2025 (updated February 6, 2025)

While pushing a file via postLocal method if user add javascript code in file parameter that codes can exe in v8go context.

References

github.com/advisories/GHSA-mj4v-hp69-27x5
github.com/plentico/plenti
github.com/plentico/plenti/commit/c3e72a9ebbc2a03f4b0f3104becbfc25e390cb8e
github.com/plentico/plenti/security/advisories/GHSA-mj4v-hp69-27x5
pkg.go.dev/vuln/GO-2025-3454

Code Behaviors & Features

Detect and mitigate GHSA-mj4v-hp69-27x5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →