Knowledge Base

Vulnerability CVE-2024-38998/CVE-2024-38999

Situation

Is Plesk affected by CVE-2024-38998 or CVE-2024-38999?

Impact

Plesk is not affected by this vulnerability.

Exploiting these vulnerabilities is only possible if an attacker can inject a custom configuration with the __proto__ option into RequireJS via one of the following functions: config, s.contexts._.configure, or parse. In Plesk, user-supplied input is not passed to these functions, preventing attackers from exploiting this vulnerability.

Call to Action

No actions are required.

Knowledge Base

What operating systems are supported by Plesk Cgroups Manager?

Migration of subscription fails: cagefsctl is already running. please try again later

How to disable web statistics in Plesk?

Unable to update Plesk: debconf: DbDriver “config”: /var/cache/debconf/config.dat is locked by another process

Hosting Wiki

Plesk