Open Redirect Affecting ghost package, versions <3.41.1


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-GHOST-1065888
  • published 8 Mar 2021
  • disclosed 28 Jan 2021
  • credit Thibaut Patel

Introduced: 28 Jan 2021

CVE NOT AVAILABLE CWE-601 Open this link in a new tab

How to fix?

Upgrade ghost to version 3.41.1 or higher.

Overview

ghost is a publishing platform

Affected versions of this package are vulnerable to Open Redirect. It allows redirecting to external sites after providing private site password.

References

CVSS Scores

version 3.1
Expand this section

Snyk

5.9 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    None
  • Integrity (I)
    None
  • Availability (A)
    High