Description
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that, as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute JavaScript in a client's browser; this is expected and intentional functionality.
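As an added example (not code from the advisory or from Ghost's own code base), a defensive check that parses an uploaded SVG and reports the kind of browser-executable content the vendor note refers to: script elements, event-handler attributes and javascript: links. The size limit and the two sample SVGs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the advisory): a harmless icon and an
# SVG carrying browser-side JavaScript in three common forms.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
ACTIVE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
    b'<script>alert(2)</script>'
    b'<a xlink:href="javascript:alert(3)"><text>x</text></a>'
    b'</svg>'
)

MAX_BYTES = 2 * 1024 * 1024  # hypothetical cap applied before parsing


def _local(name):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit('}', 1)[-1].lower()


def svg_active_content(data):
    """Return a list of findings describing script-capable content in an SVG.

    An empty list means nothing script-capable was found. Oversized or
    unparseable input is reported as a finding rather than silently accepted.
    """
    if len(data) > MAX_BYTES:
        return ['oversized input']
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ['not well-formed XML: %s' % exc]
    findings = []
    for el in root.iter():
        tag = _local(el.tag) if isinstance(el.tag, str) else ''
        if tag in ('script', 'foreignobject'):
            findings.append('<%s> element' % tag)
        for attr, value in el.attrib.items():
            a = _local(attr)
            if a.startswith('on'):
                findings.append('%s attribute on <%s>' % (a, tag))
            elif a == 'href' and value.strip().lower().startswith('javascript:'):
                findings.append('javascript: URL in href on <%s>' % tag)
    return findings


def is_safe_svg(data):
    """True when the SVG parses and carries no script-capable content."""
    return not svg_active_content(data)
```

This is a denylist detector suited to review and logging of uploads; for actually serving user-supplied SVGs inline, an allowlist-based sanitizer or serving them as downloads with a restrictive Content-Security-Policy is the stronger control.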
Remediation
References
https://youtu.be/FCqWEvir2wE
http://ghost.org/docs/security/#privilege-escalation-attacks