ghost@1.15.1 vulnerabilities

The professional publishing platform

Direct Vulnerabilities

Known vulnerabilities in the ghost package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability (severity marker: L = low, M = medium, H = high) | Vulnerable Version
  • M
Cross-site Scripting (XSS)

ghost is a publishing platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via an SVG profile picture upload. A user with the Contributor role can upload a crafted SVG containing script, which then executes in the browser session of the site Owner, with that account's privileges.

How to fix Cross-site Scripting (XSS)?

A fix was pushed into the master branch but not yet published.

*
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the excerpt.js component. An attacker can inject and execute arbitrary script code in the context of the user's browser session by crafting a malicious post excerpt.

How to fix Cross-site Scripting (XSS)?

Upgrade ghost to version 5.76.0 or higher.

<5.76.0
  • M
Arbitrary File Read

Affected versions of this package are vulnerable to Arbitrary File Read: authenticated users can upload files that are symbolic links, and when the uploaded path is later served the link is followed. This can be exploited to read any file on the host operating system that the Ghost process itself can read.

Note: Site administrators can check for exploitation of this issue by looking for symlinks they did not create within Ghost's content/ folder, particularly links whose targets lie outside that folder.

How to fix Arbitrary File Read?

Upgrade ghost to version 5.59.1 or higher.

<5.59.1
  • H
Directory Traversal

Affected versions of this package are vulnerable to Directory Traversal: remote attackers can read arbitrary files within the active theme's folder via a request such as /assets/built%2F..%2F..%2F/. The percent-encoded slashes keep the traversal inside a single path segment while the request is routed and are only decoded when the file is resolved on disk, so the .. components escape the theme's assets directory. This occurs in the frontend/web/middleware/static-theme.js file.

How to fix Directory Traversal?

Upgrade ghost to version 5.42.1 or higher.

<5.42.1
  • H
Information Exposure

Affected versions of this package are vulnerable to Information Exposure: filters passed to the public API endpoints were not validated against the fields those endpoints are meant to expose, so an attacker can filter on private fields and, by observing which filter values return results, recover their contents through a brute-force attack.

How to fix Information Exposure?

Upgrade ghost to version 5.46.1 or higher.

<5.46.1
  • M
Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass that allows contributors to view draft posts of other users via the /ghost/api/admin/posts endpoint and draft pages of other users via the /ghost/api/admin/pages endpoint.

NOTE: The vendor's position is that this behavior has no security impact.

How to fix Access Restriction Bypass?

There is no fixed version for ghost.

>=0.4.2-rc1
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the codeinjection_foot field, which allows users to inject JavaScript into posts.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for ghost.

>=0.0.0
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the codeinjection_head field, which allows users to inject JavaScript into posts.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for ghost.

>=0.0.0
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the facebook field, which allows users to inject JavaScript into posts.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for ghost.

>=0.0.0
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the twitter field, which allows users to inject JavaScript into posts.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for ghost.

>=0.0.0
  • M
Remote Code Execution (RCE)

Affected versions of this package are vulnerable to Remote Code Execution (RCE) via a file that has previously been uploaded using the file upload functionality in the post editor.

How to fix Remote Code Execution (RCE)?

Upgrade ghost to version 4.48.2, 5.2.3 or higher.

<4.48.2 >=5.0.0 <5.2.3
  • M
Command Injection

Affected versions of this package are vulnerable to Command Injection. Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency. Ghost defaults to the direct transport so this is only exploitable if the sendmail transport is explicitly used.

How to fix Command Injection?

Upgrade ghost to version 4.15.0 or higher.

<4.15.0
  • M
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. The redirect target used after a visitor provides the private site password is not restricted to the site itself, so a crafted link can send the visitor to an external site once they have entered the password.

How to fix Open Redirect?

Upgrade ghost to version 3.41.1 or higher.

<3.41.1
  • M
Open Redirect

Affected versions of this package are vulnerable to Open Redirect. An attacker can redirect a user to an external site after the user has provided the private site password.

How to fix Open Redirect?

Upgrade ghost to version 2.38.3 or higher.

<2.38.3
  • L
Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can make the server issue requests on their behalf, enabling port scanning of the internal network and reading oEmbed content from internal hosts.

How to fix Server-side Request Forgery (SSRF)?

Upgrade ghost to version 2.38.2 or higher.

<2.38.2
  • M
Cross-Site Request Forgery (CSRF)

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). When Ghost could not determine the origin of a request, the origin check defaulted to null and the request was accepted, so requests sent from origins other than the domain the user logged in from were allowed through.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade ghost to version 3.13.0 or higher.

<3.13.0
  • M
Server Side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server Side Request Forgery (SSRF). The getOembedUrlFromHTML() function does not sanitize the URL it extracts from user-supplied HTML before the server fetches it.

How to fix Server Side Request Forgery (SSRF)?

Upgrade ghost to version 2.38.1, 3.10.0 or higher.

<2.38.1 >=3.0.0 <3.10.0