A security vulnerability has been found this week in Ghost apps, it is recommended to upgrade the Ghost application to version 4.16+.
"Ghost has found and fixed a breach that allowed unauthenticated email users to change the email addresses of arbitrary member accounts. Details can be found here.
The vulnerability affects Ghost versions between 3.18.0 and 4.15.0 (inclusive), which includes the version of Ghost used previously in YunoHost.
As a temporary measure: before upgrading, you can use the permission system to block acees to your app OR you can block the
POST /members/api/send-magic-link/ endpoint with a change in nginx config.
Thanks to @slnsrt who gives us the alert