Description

Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Remediation

References

https://github.com/TryGhost/Ghost/commit/690fbf3f7302ff3f77159c0795928bdd20f41205

https://github.com/TryGhost/Ghost/security/advisories/GHSA-9c9v-w225-v5rg

Related Vulnerabilities

CVE-2020-28503 Vulnerability in maven package org.webjars.npm:copy-props

CVE-2019-10742 Vulnerability in maven package org.webjars.npm:axios

CVE-2021-23337 Vulnerability in maven package org.webjars:lodash

CVE-2020-11113 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2020-7746 Vulnerability in maven package org.webjars.bower:chart.js

Severity

High

Classification

CWE-59 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Patch Vendor Advisory