High severity · NVD Advisory · Published Dec 23, 2022 · Updated Apr 14, 2025
CVE-2022-41654
Description
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ghost (npm) | >= 5.0.0, < 5.22.7 | 5.22.7 |
| ghost (npm) | >= 4.46.0, < 4.48.8 | 4.48.8 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (5)
- github.com/advisories/GHSA-9gh8-wp53-ccc6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-41654 (ghsa, ADVISORY)
- forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475 (ghsa, WEB)
- github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6 (ghsa, WEB)
- talosintelligence.com/vulnerability_reports/TALOS-2022-1624 (ghsa, WEB)