You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
After installing your repo, I git this error message:
Critical security update available — please update Ghost as soon as possible. Details here: GHSA-9fgx-q25h-jxrg
Fixed in 4.3.3, all 4.x sites should upgrade as soon as possible.
As the endpoint is unused, the patch simply removes it.
The text was updated successfully, but these errors were encountered:
You have got such message due to a big security update in Ghost v4.
Details
An unused endpoint added during the development of 4.0.0 is vulnerable to allowing untrusted users access to Ghost Admin. An attacker may gain access by convincing an authenticated Ghost Staff User to click a link containing malicious code. Users do not need to enter credentials and may not know they’ve visited a malicious site for this exploit to be effective.
Update
I am updating Ghost to the latest version. You can also do this by updating ghost dependency in package.json.
Hello,
After installing your repo, I git this error message:
Critical security update available — please update Ghost as soon as possible. Details here: GHSA-9fgx-q25h-jxrg
The text was updated successfully, but these errors were encountered: