Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-05T00:00:00

Updated: 2024-08-02T15:10:24.227Z

Reserved: 2023-05-05T00:00:00

Link: CVE-2023-32235

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-05T05:15:09.293

Modified: 2024-11-21T08:02:57.447

Link: CVE-2023-32235

cve-icon Redhat

No data.