VYPR
High severityNVD Advisory· Published Dec 23, 2022· Updated Apr 14, 2025

CVE-2022-41654

CVE-2022-41654

Description

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ghostnpm
>= 5.0.0, < 5.22.75.22.7
ghostnpm
>= 4.46.0, < 4.48.84.48.8

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.