Impact
A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.
Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's content/ folder
Vulnerable versions
This security vulnerability is present in Ghost ≤ v5.59.0.
Patches
v5.59.1 contains a fix for this issue.
For more information
If you have any questions or comments about this advisory:
Impact
A vulnerability in Ghost allows authenticated users to upload files which are symlinks. This can be exploited to perform an arbitrary file read of any file on the operating system.
Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's
content/folderVulnerable versions
This security vulnerability is present in Ghost ≤ v5.59.0.
Patches
v5.59.1 contains a fix for this issue.
For more information
If you have any questions or comments about this advisory: