Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-05-05T00:00:00
Updated: 2024-08-02T15:10:24.227Z
Reserved: 2023-05-05T00:00:00
Link: CVE-2023-32235
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-05T05:15:09.293
Modified: 2024-11-21T08:02:57.447
Link: CVE-2023-32235
Redhat
No data.