Plesk for Windows
kb: how-to
Plesk for Linux
Situation
Is Plesk affected by CVE-2024-38998 or CVE-2024-38999?
Impact
Plesk is not affected by this vulnerability.
Exploiting these vulnerabilities is only possible if an attacker can inject a custom configuration with the __proto__ option into RequireJS via one of the following functions: config, s.contexts._.configure, or parse. In Plesk, user-supplied input is not passed to these functions, preventing attackers from exploiting this vulnerability.
Call to Action
No actions are required.
Comments
Please sign in to leave a comment.