GHSA-ffhq-g856-9f2p

Опубликовано: 13 апр. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Arbitrary file upload in Ghost

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file.

Ссылки

Пакеты

Наименование

ghost

npm

Затронутые версииВерсия исправления

<= 4.42.0

Отсутствует

EPSS

Процентиль: 88%

0.04027

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-28397

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-28397

CVSS3: 9.8

nvd

почти 4 года назад

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional

CVE-2022-28397

CVSS3: 9.8

debian

почти 4 года назад

An arbitrary file upload vulnerability in the file upload module of Gh ...

EPSS

Процентиль: 88%

0.04027

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-28397

Дефекты

CWE-434