High severity · NVD Advisory · Published Dec 23, 2022 · Updated Apr 14, 2025
CVE-2022-41654
Description
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ghost (npm) | >= 5.0.0, < 5.22.7 | 5.22.7 |
| ghost (npm) | >= 4.46.0, < 4.48.8 | 4.48.8 |
Affected products
- osv-coords (2 versions)
- (no CPE) range: >= 4.46.0, < 4.48.8
- (no CPE) range: >= 5.0.0, < 5.22.7
References
- github.com/advisories/GHSA-9gh8-wp53-ccc6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-41654 (ghsa, ADVISORY)
- forum.ghost.org/t/security-update-available-for-ghost-4-48-7-and-5-22-6/34475 (ghsa, WEB)
- github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6 (ghsa, WEB)
- talosintelligence.com/vulnerability_reports/TALOS-2022-1624 (ghsa, WEB)