Ghost vulnerable to information disclosure of private API fields
Impact Due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. GhostPro has already been patched. We can find no evidence that the issue was exploited on GhostPro prior to the patch being added. Self-hosters are...