@tryghost/content-api@0.1.0

Vulnerabilities: 1 via 1 paths

Dependencies: 122

Source: npm

medium severity

Remote Code Execution (RCE)

  • Vulnerable module: bunyan
  • Introduced through: ghost-ignition@2.9.6

Detailed paths

  • Introduced through: @tryghost/content-api@0.1.0 › ghost-ignition@2.9.6 › bunyan@1.8.12
    Remediation: Upgrade to @tryghost/content-api@1.3.9.

Overview

bunyan is a JSON logging library for Node.js services.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insecure command formatting, which allowed creating a "hacked" file in the current directory.

Remediation

Upgrade bunyan to version 1.8.13, 2.0.3 or higher.
