
21 matches found

Snyk
added 2026/05/21 9:27 p.m., 5 views

Improper Encoding or Escaping of Output

Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the htmltomarkdown, markdowntohtml, and inlinecss filters due to incorrect declaration of output safety. An attacker can inject unescaped HTML or script content by supplying specially crafted...

CVSS 6.1, AI score 5.8
Exploits 0, References 2
RedhatCVE
added 2026/01/13 10:52 p.m., 1 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, AI score 7, EPSS 0.00068
Exploits 0, References 1
OSV
added 2026/01/13 8:40 a.m., 1 views

BIT-GHOST-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, AI score 6.9, EPSS 0.00068
Exploits 0, References 4
NVD
added 2026/01/10 3:15 a.m., 2 views

CVE-2026-22597

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, EPSS 0.00068
Exploits 0, References 3
Cvelist
added 2026/01/10 2:57 a.m., 20 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, EPSS 0.00068
Exploits 0, References 3
OSV
added 2026/01/10 2:57 a.m., 2 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, AI score 6.6, EPSS 0.00068
Exploits 0, References 5
CVE
added 2026/01/10 2:57 a.m., 7 views

CVE-2026-22597

CVE-2026-22597 affects Ghost (Node.js CMS). The vulnerability arises in Ghost’s media inliner mechanism, allowing staff with a valid Ghost Admin API token to exfiltrate data from internal systems via SSRF. Affected versions: 5.38.0–5.130.5 and 6.0.0–6.10.3. Remediation: upgrade to 5.130.6 or 6.11...

CVSS 5.1, AI score 6.6, EPSS 0.00068
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/01/10 2:57 a.m., 2 views

CVE-2026-22597 Ghost has SSRF via External Media Inliner

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, AI score 6.6, EPSS 0.00068
Exploits 0, References 3
EUVD
added 2026/01/10 2:57 a.m., 5 views

EUVD-2026-1427

Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF...

CVSS 5.1, AI score 6.4, EPSS 0.00068
Exploits 0, References 4
OSV
added 2026/01/08 9:36 p.m., 4 views

GHSA-VMC4-9828-R48R Ghost has SSRF via External Media Inliner

Impact: A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions: This vulnerability is present in Ghost v5.38.0 to v5.130.5 and Ghost v6.0.0 ...

CVSS 5.1, AI score 7, EPSS 0.00068
Exploits 0, References 5
Snyk
added 2026/01/08 9:36 p.m., 1 views

Server-side Request Forgery (SSRF)

Overview: ghost is a publishing platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the media inliner component. An attacker can access internal resources by sending crafted requests through the API while authenticated as a staff user. Remediation: Upgra...

CVSS 5.1, AI score 6.7, EPSS 0.00068
Exploits 0, References 2
GitHub Security Blog
added 2026/01/08 9:36 p.m., 9 views

Ghost has SSRF via External Media Inliner

Impact: A vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. Vulnerable versions: This vulnerability is present in Ghost v5.38.0 to v5.130.5 and Ghost v6.0.0 ...

CVSS 5.1, AI score 7.1, EPSS 0.00068
Exploits 0, References 5, Affected Software 1
Snyk
added 2023/03/01 8:18 a.m., 1 views

Malicious Package

Overview: images-inliner is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

CVSS 9.8, AI score 7.1
Exploits 0, References 3
OSV
added 2023/01/30 11:42 a.m., 6 views

MAL-2023-519 Malicious code in images-inliner (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ab908bfacc86cb5a85edab7717c02f6e58433afd880e9928e8c67114b7af43e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSSF Malicious Packages
added 2023/01/30 11:42 a.m., 2 views

Malicious code in images-inliner (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ab908bfacc86cb5a85edab7717c02f6e58433afd880e9928e8c67114b7af43e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
Fedora
added 2022/07/30 1:55 a.m., 13 views

[SECURITY] Fedora 36 Update: golang-github-chris-ramon-douceur-0.2.0-6.20200910gitf346305.fc36

A simple CSS parser and inliner in Go...

AI score 3.4
Exploits 0
OpenVAS
added 2022/07/18 12:00 a.m., 9 views

Fedora: Security Advisory for douceur (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3, AI score 8.9, EPSS 0.00963
Exploits 4, References 2
Fedora
added 2022/07/17 1:15 a.m., 15 views

[SECURITY] Fedora 35 Update: golang-github-chris-ramon-douceur-0.2.0-5.20200910gitf346305.fc35

A simple CSS parser and inliner in Go...

CVSS 9.3, AI score 3.4, EPSS 0.00963
Exploits 4
Fedora
added 2022/07/17 1:15 a.m., 13 views

[SECURITY] Fedora 35 Update: douceur-0.2.0-14.fc35

A simple CSS parser and inliner in Go...

CVSS 9.3, AI score 3.4, EPSS 0.00963
Exploits 4
OpenVAS
added 2022/07/06 12:00 a.m., 11 views

Fedora: Security Advisory for douceur (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3, AI score 8.9, EPSS 0.00963
Exploits 4, References 2