7.7 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @mweinelt Activity log
- Created automatic suggestion
-
@mweinelt
removed
23 packages
- ghost
- ghostie
- ghostty
- ghost-cli
- ghostfolio
- ghostunnel
- ghostscript
- ghosttohugo
- ghostty-bin
- ghostscriptX
- ghostscript_headless
- libsForQt5.ghostwriter
- kdePackages.ghostwriter
- plasma5Packages.ghostwriter
- haskellPackages.ghost-buster
- python312Packages.ghostscript
- python313Packages.ghostscript
- python314Packages.ghostscript
- tests.texlive.dvipng.ghostscript
- haskellPackages.ghostscript-parallel
- tree-sitter-grammars.tree-sitter-ghostty
- python313Packages.tree-sitter-grammars.tree-sitter-ghostty
- python314Packages.tree-sitter-grammars.tree-sitter-ghostty
- @mweinelt dismissed
Ghost Vulnerable to Remote Code Execution via Malicious Themes
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
References
- https://github.com/TryGhost/Ghost/security/advisories/GHSA-cgc2-rcrh-qr5x x_refsource_CONFIRM
Affected products
- ==>= 0.7.2, < 6.19.1
Ignored packages (23)
pkgs.ghost
Android post-exploitation framework
-
nixos-unstable 8.0.0-unstable-2025-11-01
- nixpkgs-unstable 8.0.0-unstable-2025-11-01
- nixos-unstable-small 8.0.0-unstable-2025-11-01
pkgs.ghostie
Github notifications in your terminal
pkgs.ghostty
Fast, native, feature-rich terminal emulator pushing modern features
pkgs.ghost-cli
CLI Tool for installing & updating Ghost
pkgs.ghostfolio
Open Source Wealth Management Software
pkgs.ghostunnel
TLS proxy with mutual authentication support for securing non-TLS backend applications
pkgs.ghostscript
PostScript interpreter (mainline version)
pkgs.ghosttohugo
Convert Ghost export to Hugo posts
pkgs.ghostty-bin
Fast, native, feature-rich terminal emulator pushing modern features
pkgs.ghostscriptX
PostScript interpreter (mainline version)
pkgs.ghostscript_headless
PostScript interpreter (mainline version)
pkgs.libsForQt5.ghostwriter
Cross-platform, aesthetic, distraction-free Markdown editor
pkgs.kdePackages.ghostwriter
Text editor for Markdown
pkgs.plasma5Packages.ghostwriter
Cross-platform, aesthetic, distraction-free Markdown editor
pkgs.haskellPackages.ghost-buster
Existential type utilites
pkgs.python312Packages.ghostscript
Interface to the Ghostscript C-API using ctypes.
pkgs.python313Packages.ghostscript
Interface to the Ghostscript C-API using ctypes.
pkgs.python314Packages.ghostscript
Interface to the Ghostscript C-API using ctypes
pkgs.tests.texlive.dvipng.ghostscript
None
pkgs.haskellPackages.ghostscript-parallel
Let Ghostscript render pages in parallel
pkgs.tree-sitter-grammars.tree-sitter-ghostty
Tree-sitter grammar for ghostty
-
nixos-unstable 1.2-unstable-2026-01-02
- nixpkgs-unstable 1.2-unstable-2026-01-02
- nixos-unstable-small 1.2-unstable-2026-01-02
pkgs.python313Packages.tree-sitter-grammars.tree-sitter-ghostty
Python bindings for tree-sitter-ghostty
-
nixos-unstable 1.2+unstable20260102
- nixpkgs-unstable 1.2+unstable20260102
- nixos-unstable-small 1.2+unstable20260102
pkgs.python314Packages.tree-sitter-grammars.tree-sitter-ghostty
Python bindings for tree-sitter-ghostty
-
nixos-unstable 1.2+unstable20260102
- nixpkgs-unstable 1.2+unstable20260102
- nixos-unstable-small 1.2+unstable20260102