ghost@5.0.1 vulnerabilities

ghost is a publishing platform

Affected versions of this package are vulnerable to Improper Neutralization of Formula Elements in a CSV File during a member CSV export. An attacker can execute arbitrary commands by injecting maliciously crafted CSV content.

Upgrade ghost to version 5.82.0 or higher.

ghost is a publishing platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via an SVG profile picture upload. A contributor user can cause scripts to be executed as owner.

Upgrade ghost to version 5.83.0 or higher.

ghost is a publishing platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the excerpt.js component. An attacker can inject and execute arbitrary script code in the context of the user's browser session by crafting a malicious post excerpt.

Upgrade ghost to version 5.76.0 or higher.

ghost is a publishing platform

Affected versions of this package are vulnerable to Arbitrary File Read which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system.

Note: Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's content/ folder.

Upgrade ghost to version 5.59.1 or higher.

ghost is a publishing platform

Affected versions of this package are vulnerable to Directory Traversal due to allowing remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/. This occurs in frontend/web/middleware/static-theme.js file.

Upgrade ghost to version 5.42.1 or higher.

ghost is a publishing platform

Affected versions of this package are vulnerable to Information Exposure such that due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.

Upgrade ghost to version 5.46.1 or higher.

ghost is a publishing platform

Affected versions of this package are vulnerable to Access Restriction Bypass that allows contributors to view draft posts of other users via the /ghost/api/admin/posts endpoint and draft pages of other users via the /ghost/api/admin/pages endpoint.

NOTE: The vendor's position is that this behavior has no security impact.

There is no fixed version for ghost.

ghost is a publishing platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the codeinjection_foot field, which allows users to inject JavaScript into posts.

There is no fixed version for ghost.

ghost is a publishing platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the codeinjection_head field, which allows users to inject JavaScript into posts.

There is no fixed version for ghost.

ghost is a publishing platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the facebook field, which allows users to inject JavaScript into posts.

There is no fixed version for ghost.

ghost is a publishing platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the twitter field, which allows users to inject JavaScript into posts.

There is no fixed version for ghost.

ghost is a publishing platform

Affected versions of this package are vulnerable to Improper Access Control due to improper validation of nested objects via the Memebers API, which allows members to make changes to newsletter settings. Exploiting this vulnerability allows unprivileged users to view and change settings they were not intended to have access to.

NOTE: By exploiting this vulnerability, it is not possible to escalate privileges permanently or get access to further information.

Upgrade ghost to version 4.48.8, 5.22.7 or higher.