[ghost] Arbitrary file upload in Ghost

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-27139
https://youtu.be/FCqWEvir2wE
https://github…

[grunt] Path Traversal in Grunt

Grunt prior to version 1.5.2 is vulnerable to path traversal.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-0436
https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40…