Node.js third-party modules: [Limited bypass of #793704] Blind SSRF in Ghost CMS

2020-03-09T13:43:47
ID H1:815084
Type hackerone
Reporter ryotak
Modified 2020-06-04T09:20:15

Description

Blind SSRF vulnerability in Ghost allows for internal port scanning, or reading oembed contents from internal network.