BIT-ghost-2026-53945

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/ghost/BIT-ghost-2026-53945.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-ghost-2026-53945
Aliases
Published
2026-06-30T23:39:20.070Z
Modified
2026-07-08T08:26:14.632671042Z
Summary
Ghost: Server-side request forgery via DNS rebinding in external request handling
Details

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, Ghost’s private-IP check for outbound HTTP requests could be bypassed via DNS rebinding, allowing an attacker to coerce the Ghost server into reaching hosts on internal networks through features that issue external fetches. This vulnerability is fixed in 6.21.1.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*"
    ]
}
References

Affected packages

Bitnami / ghost

Package

Name
ghost
Purl
pkg:bitnami/ghost

Severity

  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
6.0.9
Fixed
6.21.1

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/ghost/BIT-ghost-2026-53945.json"