mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-18 16:01:40 +03:00
b3caf16005
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-r97q-ghch-82j9 Because our filtering layer is so coupled to the DB and we don't generally apply restrictions, it was possible to fetch authors and filter by their password or email field. Coupled with the "starts with" operator this can be used to brute force the first character of these fields by trying random combinations until an author is included in the filter. After which the next character can be brute forced, and so on until the data has been leaked completely. |
||
---|---|---|
.. | ||
authors.test.js | ||
pages.test.js | ||
posts.test.js | ||
tags.test.js | ||
utils.js |