Description
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality
Remediation
References
http://ghost.org/docs/security/#privilege-escalation-attacks
https://youtu.be/FCqWEvir2wE
Related Vulnerabilities
CVE-2022-31195 Vulnerability in maven package org.dspace:dspace-api
CVE-2021-3137 Vulnerability in maven package org.xwiki.commons:xwiki-commons
CVE-2021-21391 Vulnerability in npm package @ckeditor/ckeditor5-font
CVE-2017-16083 Vulnerability in npm package node-simple-router
CVE-2022-37199 Vulnerability in maven package com.jflyfox:jflyfox_jfinal