Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghost Vulnerable to Remote Code Execution via Malicious Themes
Vulnerability Description
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Ghost 注入漏洞
Vulnerability Description
Ghost是Ghost开源的一个托管服务。 Ghost 0.7.2至6.19.0版本存在注入漏洞,该漏洞源于特制恶意主题可能在服务器上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A