{"uuid": "131aeefa-6401-4953-8dfd-46847d1f2383", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32235", "type": "seen", "source": "https://t.me/cibsecurity/63356", "content": "\u203c CVE-2023-32235 \u203c\n\nGhost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-05T12:24:20.000000Z"}