Количество 3
Количество 3
CVE-2022-27139
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality
CVE-2022-27139
An arbitrary file upload vulnerability in the file upload module of Gh ...
GHSA-fvc6-qjp7-m4g4
Arbitrary file upload in Ghost
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-27139 An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality | CVSS3: 9.8 | 6% Низкий | почти 4 года назад |
| CVE-2022-27139 An arbitrary file upload vulnerability in the file upload module of Gh ... | CVSS3: 9.8 | 6% Низкий | почти 4 года назад |
| GHSA-fvc6-qjp7-m4g4 Arbitrary file upload in Ghost | CVSS3: 9.8 | 6% Низкий | почти 4 года назад |
Уязвимостей на страницу