Vulnerability CVE-2024-38998/CVE-2024-38999

[senthil]

Situation

Is Plesk affected by CVE-2024-38998 or CVE-2024-38999?

Impact

Plesk is not affected by this vulnerability.

Exploiting these vulnerabilities is only possible if an attacker can inject a custom configuration with the __proto__
option into RequireJS via one of the following functions: config, s.contexts._.configure, or parse. In Plesk, user-
supplied input is not passed to these functions, preventing attackers from exploiting this vulnerability.

Call to Action

No actions are required.