Ghost/ghost
Fabien "egg" O'Carroll 28de1720c1 🔒 Fixed magic link endpoint sending multiple emails
refs https://github.com/TryGhost/Team/issues/2024

Without validation it was possible to send a string of comma-separated
email addresses to the endpoint, and an email would be sent to each
address, bypassing any rate limiting.

This bug does not allow for an authentication bypass exploit. It is purely a
spam email concern.

Credit: Sandip Maity <maitysandip925@gmail.com>
2022-10-05 10:28:13 +01:00
adapter-manager Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
admin Fixed anchor chart load for site without paid tiers 2022-10-04 12:07:38 +07:00
api-framework Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
api-version-compatibility-service Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
bootstrap-socket Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
constants Added one week in seconds value to constants 2022-09-15 10:56:34 +08:00
core 🔒 Fixed magic link endpoint sending multiple emails 2022-10-05 10:28:13 +01:00
custom-theme-settings-service Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
domain-events Organized package dependencies 2022-08-18 11:55:49 +02:00
email-analytics-provider-mailgun Organized package dependencies 2022-08-18 11:55:49 +02:00
email-analytics-service Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
email-content-generator Organized package dependencies 2022-08-18 11:55:49 +02:00
express-dynamic-redirects Organized package dependencies 2022-08-18 11:55:49 +02:00
extract-api-key Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
html-to-plaintext Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
job-manager Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
link-redirects Added unit tests to link-redirects package 2022-09-26 18:13:05 +02:00
link-replacer Added database storage for link redirects and click events (#15423) 2022-09-19 17:12:54 +02:00
link-tracking Disabled link replacement when link click tracking is disabled (#15483) 2022-09-27 18:20:34 +02:00
magic-link 🔒 Fixed magic link endpoint sending multiple emails 2022-10-05 10:28:13 +01:00
mailgun-client Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
member-analytics-service Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
member-attribution Added referrer attribution from request context (#15499) 2022-09-29 22:31:48 +05:30
member-events Added member last seen update on link click (#15459) 2022-09-23 10:34:33 +02:00
members-analytics-ingress Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
members-api Added referrer attribution from request context (#15499) 2022-09-29 22:31:48 +05:30
members-csv 🐛 Fixed duplicate error columns in members import error CSV 2022-09-16 11:02:22 +02:00
members-events-service Allowed storing attribution data on member events (#15487) 2022-09-28 15:42:04 +05:30
members-importer Moved analytics page to separate component 2022-09-29 12:41:16 +02:00
members-ssr Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
minifier Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
mw-api-version-mismatch Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
mw-cache-control Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
mw-error-handler Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
mw-session-from-token Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
mw-update-user-last-seen Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
mw-vhost Cleaned up unused test utils 2022-08-18 11:55:49 +02:00
oembed-service Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
offers Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
package-json Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
payments Fixed full Admin test suite running during unit tests 2022-08-15 15:34:52 +02:00
referrers Added new package with known referrers list 2022-09-20 19:02:06 +05:30
security Updated @tryghost dependencies (#15349) 2022-09-08 18:32:13 +01:00
session-service Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
settings-path-manager Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
staff-service Updated staff service to trigger alerts via events 2022-09-10 11:06:34 +05:30
stats-service Updated Stats-Service repository URL 2022-09-29 11:55:08 +07:00
stripe Updated naming for referrer attribution (#15486) 2022-09-28 00:58:06 +05:30
update-check-service Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
verification-trigger Updated @tryghost dependencies (#15434) 2022-09-27 08:31:35 +07:00
version-notifications-data-service Organized package dependencies 2022-08-18 11:55:49 +02:00