ghost is vulnerable to Path Traversal. The vulnerability exists because the static-theme.js
does not properly sanitize file paths, which allows an attacker to access files outside the expected directory and read arbitrary files within the active theme’s folder via relative paths such as /assets/built%2F..%2F..%2F/