February 12, 2021

GHSL-2020-197: Open redirect vulnerability in Ghost

GitHub Security Lab

Coordinated Disclosure Timeline


Ghost may be vulnerable to open redirect attacks.



Tested Version

Latest commit at the date of reporting.


This line redirects to the path name of a redirect URL stored in a query parameter.

If the redirect URL is under the control of an attacker, they can supply one whose path name starts with a double slash (or a double backslash, a slash followed by a backslash, and similar variants, since browsers normalise backslashes to forward slashes when parsing URLs). A path such as //attacker-host/... is then interpreted as a protocol-relative URL rather than as a path on the site, and the browser is redirected to an external host of the attacker's choosing.
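The following is an added example, not code from Ghost or from this advisory. It reproduces the pattern described above in Node.js: a handler accepts a full URL, checks that its origin matches the site (which looks like a safeguard), and redirects to the pathname only. The blog origin (https://blog.example), the attacker host (evil.example) and the function names are assumptions. The hardened version re-resolves the extracted path against the site origin and refuses to redirect if the origin changes, which catches the double-slash and backslash variants in one check.

```javascript
// Added example (not Ghost's code): the "redirect to the pathname only"
// pattern beside a hardened form. Origin, host names and function names
// are assumptions chosen for illustration. Uses Node's global WHATWG URL.

const SITE = 'https://blog.example';          // assumed blog origin
const SITE_ORIGIN = new URL(SITE).origin;

// Vulnerable pattern: the origin check passes for
// https://blog.example//evil.example/login, but its pathname is
// "//evil.example/login", which a browser reads as a protocol-relative URL.
// A backslash variant (https://blog.example/\evil.example/login) yields the
// same pathname because WHATWG parsers treat "\" as "/" for http(s) URLs.
function unsafeRedirectTarget(raw) {
  const target = new URL(raw, SITE);
  if (target.origin !== SITE_ORIGIN) return '/';  // looks safe, but...
  return target.pathname;                          // ...may start with "//"
}

// What the browser does with a Location header: resolve it against the
// page it is currently on. "//evil.example/login" becomes an absolute URL
// on evil.example.
function browserResolves(location) {
  return new URL(location, SITE).href;
}

// Hardened version: keep the path, then resolve that path against the site
// origin and require the origin to be unchanged. Anything that would leave
// the site (//host, /\host, javascript:, absolute URLs elsewhere) falls
// back to the site root.
function safeRedirectTarget(raw) {
  let target;
  try {
    target = new URL(raw, SITE);
  } catch {
    return '/';                                    // unparseable input
  }
  if (target.origin !== SITE_ORIGIN) return '/';
  const path = target.pathname + target.search;
  if (new URL(path, SITE).origin !== SITE_ORIGIN) return '/';
  return path;
}
```

The second resolution step is the important one: checking the origin of the supplied URL is not sufficient, because the pathname of an on-origin URL can itself be a protocol-relative URL once it is placed in a Location header.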


Open redirect. If the attacker controls the redirect URL, they can mount a phishing attack: they send the owner of a Ghost blog a crafted link that appears to point at one of the owner's own articles. When the owner clicks it, they are taken to the Ghost login screen, enter their credentials, and are then redirected to whatever external site the attacker chose.


This issue was discovered and reported by GitHub team member Max Schaefer.


You can contact the GHSL team at, please include GHSL-2020-197 in any communication regarding this issue.