CVE-2023-40028 – ghost

Package

Manager: npm
Name: ghost
Vulnerable Version: >=0 <5.59.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.75814 pctl0.98867

Details

Ghost vulnerable to arbitrary file read via symlinks in content import ### Impact A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder ### Vulnerable versions This security vulnerability is present in Ghost ≤ v5.59.0. ### Patches v5.59.1 contains a fix for this issue. ### For more information If you have any questions or comments about this advisory: * Email us at [security@ghost.org](mailto:security@ghost.org)

Metadata

Created: 2023-08-15T20:35:20Z
Modified: 2023-08-23T17:19:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-9c9v-w225-v5rg/GHSA-9c9v-w225-v5rg.json
CWE IDs: ["CWE-22", "CWE-59"]
Alternative ID: GHSA-9c9v-w225-v5rg
Finding: F063
Auto approve: 1