Описание
Ghost vulnerable to arbitrary file read via symlinks in content import
Impact
A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.
Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's content/ folder
Vulnerable versions
This security vulnerability is present in Ghost ≤ v5.59.0.
Patches
v5.59.1 contains a fix for this issue.
For more information
If you have any questions or comments about this advisory:
- Email us at security@ghost.org
Пакеты
ghost
< 5.59.1
5.59.1
Связанные уязвимости
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Ghost is an open source content management system. Versions prior to 5 ...