An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.
{ "github_reviewed_at": "2022-04-22T20:29:43Z", "nvd_published_at": "2022-04-12T17:15:00Z", "cwe_ids": [ "CWE-434" ], "github_reviewed": true, "severity": "CRITICAL" }