3 matches found
GHSA-3GF9-WV65-GWH9 gradio Server Side Request Forgery vulnerability
In gradio =4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...
CVE-2022-28397
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional...
PT-2022-19000 · Ghost Cms · Ghost Cms
Name of the Vulnerable Software and Affected Versions: Ghost CMS version 4.42.0 Description: An arbitrary file upload vulnerability in the file upload module of Ghost CMS allows attackers to execute arbitrary code via a crafted file. The vendor states that files can only be uploaded and published...