CVE-2023-32235

CVSS 7.5 HIGHEPSS 39.1%CWE-22

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/AXRoux/Ghost-Path-Traversal-CVE-2023-32235-★ 4 exploitdbwww.exploit-db.com/exploits/52408unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1