Lucene search
GoogleOSV:GHSA-4XJH-M3QX-49WCHistorySep 28, 2018 - 7:29 p.m.
Jekyll allows attackers to access arbitrary files by specifying a symlink
2018-09-2819:29:07
Google
osv.dev
9
0.002 Low
EPSS
Percentile
58.6%
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the include key in the _config.yml file.
References
github.com/jekyll/jekyll
github.com/jekyll/jekyll/pull/7224
github.com/rubysec/ruby-advisory-db/blob/master/gems/jekyll/CVE-2018-17567.yml
jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8
lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984@%3Ccommits.accumulo.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2018-17567
Related
veracode
veracode
Information Disclosure
2018-10-01 07:54:33
github
github
Jekyll allows attackers to access arbitrary files by specifying a symlink
2018-09-28 19:29:07
cve
cve
CVE-2018-17567
2018-09-28 00:29:04
osv
osv
jekyll - security update
2018-10-10 00:00:00
CVE-2018-17567
2018-09-28 00:29:04
ubuntucve
ubuntucve
CVE-2018-17567
2018-09-28 00:00:00
cvelist
cvelist
CVE-2018-17567
2018-09-28 00:00:00
nvd
nvd
CVE-2018-17567
2018-09-28 00:29:04
debiancve
debiancve
CVE-2018-17567
2018-09-28 00:29:04
prion
prion
Design/Logic Flaw
2018-09-28 00:29:00
openvas
openvas
Debian: Security Advisory (DLA-1541-1)
2023-03-08 00:00:00