0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00
ghost/core
Fabien "egg" O'Carroll b82dc7ae7c 🔒 Fixed RCE exploit with date helper & locale setting
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-7v28-g2pq-ggg8

A vulnerability in an upstream library means an attacker can abuse locale input
to execute arbitrary commands from a file that has previously been uploaded
using the file upload functionality in the post editor.
2022-06-14 22:50:22 -04:00
..
admin@8731425dc2 Updated Admin to v5.2.2 2022-06-03 17:50:37 +01:00
cli Added docs for writing new commands 2022-05-17 17:16:44 +01:00
frontend 🔒 Fixed RCE exploit with date helper & locale setting 2022-06-14 22:50:22 -04:00
server Updated mapping for stripe_products when product import is skipped (#14965) 2022-06-03 17:31:53 +01:00
shared Updated single tier labels and subscription error messages 2022-06-01 13:44:08 +05:30
app.js
boot.js Added frontend key to ghost_head for portal (#14782) 2022-05-11 17:34:31 +01:00
bridge.js Renamed lang and session_secret default settings (#14791) 2022-05-12 15:07:05 +01:00