Severity: Medium
ghost v.<0.5.9 is affected by a Denial of Service (DoS) attack, via filesystem exhaustion. When updating a user avatar, the previous one is saved and not deleted. Also, the file size of the avatar is not limited.
A non-exhaustive list of public/released through vulnerability affiliation programs Vulnerabilities & CVEs discovered by VoidSec.
All releases are governed by our Vulnerability Disclosure Policy.
ghost v.<0.5.9 is affected by a Denial of Service (DoS) attack, via filesystem exhaustion. When updating a user avatar, the previous one is saved and not deleted. Also, the file size of the avatar is not limited.