- Snyk ID SNYK-JS-GHOST-5496954
- published 4 May 2023
- disclosed 3 May 2023
- credit cpaczek
How to fix?
Upgrade ghost to version 5.46.1 or higher.
ghost is a publishing platform.
Affected versions of this package are vulnerable to Information Exposure: due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.
Users who are unable to upgrade should add a block for requests to /ghost/api/content/* where the filter query parameter contains
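
The workaround above as a request check, in an added example that is not code from Ghost or Snyk. It goes beyond the plain substring match by also handling percent-encoded, double-encoded, mixed-case and repeated filter parameters. Assumptions: the names shouldBlock and normalise are hypothetical, Ghost is served from the site root, and the blocked terms are supplied by the operator because the list is cut off on this page (secret_field is a constructed placeholder).

```javascript
// Added example: decide whether a request target falls under the workaround.
// Assumption: Ghost is served from the site root, so the path starts here.
const CONTENT_API_PREFIX = '/ghost/api/content/';

// Decode percent-escapes a bounded number of times and lowercase the result,
// so double-encoded or mixed-case values compare equal to the plain form.
function normalise(value) {
  let current = value;
  for (let i = 0; i < 3; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(current);
    } catch (err) {
      break; // malformed escape: compare against what we have so far
    }
    if (decoded === current) break;
    current = decoded;
  }
  return current.toLowerCase();
}

// requestTarget: path plus query string as received (for example req.url).
// blockedTerms: operator-supplied terms; take them from the vendor advisory.
function shouldBlock(requestTarget, blockedTerms) {
  const q = requestTarget.indexOf('?');
  if (q === -1) return false; // no query string, so no filter parameter
  // Lowercasing the path is deliberately conservative: it may match more, never less.
  const path = normalise(requestTarget.slice(0, q));
  if (!path.startsWith(CONTENT_API_PREFIX)) return false;
  const terms = blockedTerms.map((t) => t.toLowerCase());
  // URLSearchParams performs the first decode; normalise() catches nested encoding.
  const params = new URLSearchParams(requestTarget.slice(q + 1));
  for (const [key, value] of params) {
    if (normalise(key) !== 'filter') continue;
    const filter = normalise(value);
    if (terms.some((t) => filter.includes(t))) return true; // any occurrence blocks
  }
  return false;
}

// Constructed sample: 'secret_field' stands in for the advisory's real terms.
const SAMPLE_TERMS = ['secret_field'];
console.log(shouldBlock('/ghost/api/content/posts/?key=k&filter=secret%255Ffield:a', SAMPLE_TERMS));
```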