4 matches found
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2022-27139 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2022-27139 Source advisory: OSV:GHSA-FVC6-QJP7-M4G4...
CVE-2022-27139
creationtimestamp| type| source
---|---|---
2022-04-12 20:23:09+00:00| seen| https://t.me/cibsecurity/40648...
CVE-2022-27139
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...
CVE-2022-27139
Ghost v4.39.0 contains an arbitrary file upload vulnerability in its file upload module that can be triggered by a crafted SVG file. The vendor notes that SVG uploads require trusted authenticated users and, per Ghost security documentation, SVGs are not executable on the server and may only run ...