Impact
Ghost versions 6.0.9 through 6.21.0 contain a flaw that allows an attacker to bypass the IP filter designed to prevent server-side requests to internal services. By using an IPv6 literal that maps to a private IPv4 address, the application can be tricked into sending requests to privileged internal resources. The consequence is exposure of internal network services, potential data leakage, or further lateral movement within the compromised organization.
Affected Systems
The vulnerability affects deployments of the TryGhost Ghost content management system between version 6.0.9 and 6.21.0, inclusive. All earlier versions are unaffected, and the defect is fixed in Ghost 6.21.1.
Risk and Exploitability
The CVSS score of 5.8 indicates a moderate risk; no EPSS score is available and the issue is not listed in CISA KEV. The attack vector is inferred to be remote, relying on an attacker’s ability to craft a request that provides the malicious IPv6 literal to Ghost’s request-handling logic. Successful exploitation would let an attacker compel the server to query internal endpoints, leading to potential disclosure of sensitive data or ecosystem compromise.
OpenCVE Enrichment