High severityNVD Advisory· Published May 5, 2023· Updated Jan 29, 2025
CVE-2023-32235
CVE-2023-32235
Description
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ghostnpm | < 5.42.1 | 5.42.1 |
Affected products
2- osv-coords2 versions
< 5.42.1+ 1 more
- (no CPE)range: < 5.42.1
- (no CPE)range: < 5.42.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.