VYPR
Critical severityNVD Advisory· Published Apr 12, 2022· Updated Aug 3, 2024

CVE-2022-28397

CVE-2022-28397

Description

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ghostnpm
<= 4.42.0

Affected products

3
  • Ghost/CMSdescription
  • osv-coords2 versions
    >= 4.42.0, < 4.42.1+ 1 more
    • (no CPE)range: >= 4.42.0, < 4.42.1
    • (no CPE)range: <= 4.42.0

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.