TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-26 12:21:36 +03:00
Code Issues Projects Releases Wiki Activity
f24dfb409d
Ghost/core/frontend
History
Fabien "egg" O'Carroll b82dc7ae7c 🔒 Fixed RCE exploit with date helper & locale setting 
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-7v28-g2pq-ggg8

A vulnerability in an upstream library means an attacker can abuse locale input
to execute arbitrary commands from a file that has previously been uploaded
using the file upload functionality in the post editor.
2022-06-14 22:50:22 -04:00
..
apps Cleaned up AMP rendering of "page" resources 2022-05-17 11:39:52 +08:00
helpers 🔒 Fixed RCE exploit with date helper & locale setting 2022-06-14 22:50:22 -04:00
meta Updated output logic to correctly use excerpt 2022-05-16 15:51:14 +01:00
public Fixed minified CSS not reflecting latest changes 2022-03-17 14:47:21 +00:00
services Allow page to be used as post in dynamic routing 2022-05-27 15:11:34 +01:00
src/cards Applied default box sizing to all cards 2021-12-17 15:28:35 +01:00
views Updated unsubscribe page 2022-03-10 10:39:20 +00:00
web 🎨 Reduced favicon requirements and added image formatting (#14918) 2022-05-27 16:36:53 +02:00