An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.
{ "cwe_ids": [ "CWE-434" ], "severity": "CRITICAL", "nvd_published_at": "2022-04-12T17:15:00Z", "github_reviewed_at": "2022-04-22T20:29:43Z", "github_reviewed": true }