BIT-ghost-2026-53946

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/ghost/BIT-ghost-2026-53946.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-ghost-2026-53946
Aliases
Published
2026-06-30T23:39:21.576Z
Modified
2026-07-08T08:11:33.394576078Z
Summary
Ghost: Mobiledoc image-size fetch SSRF
Details

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user able to create or edit posts could therefore point an image card at an attacker-chosen host and cause the Ghost server to request it on their behalf, including hosts on internal networks or cloud instance metadata endpoints that would not normally be reachable from the public internet. This vulnerability is fixed in 6.21.1.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*"
    ]
}
References

Affected packages

Bitnami / ghost

Package

Name
ghost
Purl
pkg:bitnami/ghost

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
6.19.4
Fixed
6.21.1

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/ghost/BIT-ghost-2026-53946.json"