EUVD-2018-0436

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Jekyll versions enable file access via symlink in _config.yml inclusion key vulnerability

Reporter	Title	Published	Views	Family All 16
CNVD	Jekyll Arbitrary File Access Vulnerability	28 Sep 201800:00	–	cnvd
CVE	CVE-2018-17567	28 Sep 201800:00	–	cve
Cvelist	CVE-2018-17567	28 Sep 201800:00	–	cvelist
Debian CVE	CVE-2018-17567	28 Sep 201800:00	–	debiancve
Github Security Blog	Jekyll allows attackers to access arbitrary files by specifying a symlink	28 Sep 201819:29	–	github
NVD	CVE-2018-17567	28 Sep 201800:29	–	nvd
OpenVAS	Debian: Security Advisory (DLA-1541-1)	8 Mar 202300:00	–	openvas
OSV	DEBIAN-CVE-2018-17567	28 Sep 201800:29	–	osv
OSV	DLA-1541-1 jekyll - security update	10 Oct 201800:00	–	osv
OSV	GHSA-4XJH-M3QX-49WC Jekyll allows attackers to access arbitrary files by specifying a symlink	28 Sep 201819:29	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "29844806-b08e-3b4c-9fa5-598dab1c2188",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "cb464886-8d4b-3140-a730-9b33f62f55f0",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-17567
github	www.github.com/jekyll/jekyll/pull/7224
github	www.github.com/jekyll/jekyll
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/jekyll/CVE-2018-17567.yml
jekyllrb	www.jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8
lists	www.lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984@%3Ccommits.accumulo.apache.org%3E
jekyllrb	www.jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/
lists	www.lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984%40%3Ccommits.accumulo.apache.org%3E
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.4High risk

Vulners AI Score7.4

CVSS 37.5

CVSS 25

EPSS0.0043