Denial of Service (DoS)
Affecting ghost package, versions <0.5.9
ghost is a blogging platform.
Affected versions of the package are vulnerable to Denial of Service (DoS) attack, via filesystem exhaustion. When updating a user avatar, the pervious one is saved and not deleted. Also, the file size of the avatar is not limited.
ghost to version 0.5.9 or higher.