v5.130.6
📦 ghost
🐛 4 fixes
Summary
This patch release focuses entirely on security fixes, addressing vulnerabilities related to authorization bypass, SSRF, SQL injection, and 2FA flow bypass.
🐛 Bug Fixes
- Fixed staff token authorization bypass via trailing slash mismatch.
- Fixed potential SSRF via media inliner.
- Fixed SQL injection vulnerability in click event query.
- Fixed ability to bypass Staff User 2FA flow.