Lucene search
+L

264 matches found

Cvelist
Cvelist
added 2020/07/17 3:27 p.m.47 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.4AI score0.0456EPSS
Exploits0References13
CVE
CVE
added 2020/07/17 3:27 p.m.166 views

CVE-2020-14001

The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...

9.8CVSS9.3AI score0.0456EPSS
Exploits0References13Affected Software1
RubySec
RubySec
added 2020/06/28 12:0 a.m.29 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS
Exploits0References1Affected Software1
Node.js
Node.js
added 2019/06/07 7:9 p.m.14 views

Malicious Package

Overview Version 0.2.12 of jekyll-for-github-projects contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...

7AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.20 views

Fedora 29 : rubygem-jekyll (2018-4f6deba5f1)

Update to version 3.8.4. This version includes a fix for a possible security issue: The engine now no longer follows symlinks when including files. Release notes: https://github.com/jekyll/jekyll/releases/tag/v3.8.4 Note that Tenable Network Security has extracted the preceding description block...

5.5AI score
Exploits0References2
OSV
OSV
added 2018/10/10 12:0 a.m.25 views

DLA-1541-1 jekyll - security update

Bulletin has no description...

7.5CVSS7.4AI score0.0217EPSS
Exploits0
Veracode
Veracode
added 2018/10/01 7:54 a.m.14 views

Information Disclosure

jekyll is vulnerable to information disclosures. The library does not check if the directory passed during a build, allowing a malicious user to gain access to sensitive files by passing a symlink directory in the config.yml file...

7.5CVSS7.3AI score0.0217EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2018/09/28 7:29 p.m.38 views

Jekyll allows attackers to access arbitrary files by specifying a symlink

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the include key in the config.yml file...

7.5CVSS7.3AI score0.0217EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2018/09/28 7:29 p.m.21 views

GHSA-4XJH-M3QX-49WC Jekyll allows attackers to access arbitrary files by specifying a symlink

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the include key in the config.yml file...

7.5CVSS7.3AI score0.0217EPSS
Exploits0References6
Fedora
Fedora
added 2018/09/28 4:57 p.m.15 views

[SECURITY] Fedora 29 Update: rubygem-jekyll-3.8.4-1.fc29

Jekyll is a simple, blog-aware, static site generator. You create your content as text files Markdown, and organize them into folders. Then, you build the shell of your site using Liquid-enhanced HTML templates. Jekyll automatically stitches the content and templates together, generating a websit...

0.8AI score
Exploits0
OSV
OSV
added 2018/09/28 12:29 a.m.3 views

DEBIAN-CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5CVSS7AI score0.0217EPSS
Exploits0References1
NVD
NVD
added 2018/09/28 12:29 a.m.20 views

CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5CVSS7.4AI score0.0217EPSS
Exploits0References3
OSV
OSV
added 2018/09/28 12:29 a.m.15 views

CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5CVSS7.5AI score
Exploits0References3
Prion
Prion
added 2018/09/28 12:29 a.m.16 views

Design/Logic Flaw

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

5CVSS7.4AI score0.0217EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2018/09/28 12:29 a.m.18 views

CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5CVSS7.2AI score0.0217EPSS
Exploits0References3
OSV
OSV
added 2018/09/28 12:29 a.m.4 views

UBUNTU-CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5CVSS7.2AI score0.0217EPSS
Exploits0References4
CNVD
CNVD
added 2018/09/28 12:0 a.m.5 views

Jekyll Arbitrary File Access Vulnerability

Jekyll is a static website generator. A security vulnerability exists in Jekyll version 3.6.2 and earlier, version 3.7.x through 3.7.3, and version 3.8.x through 3.8.3. An attacker can exploit the vulnerability by specifying a symbolic link in the 'include' key of the 'config.yml' file to access...

7.5CVSS7.4AI score0.0217EPSS
Exploits0References1
CVE
CVE
added 2018/09/28 12:0 a.m.113 views

CVE-2018-17567

CVE-2018-17567 affects Jekyll prior to patched versions: 3.6.2 and earlier 3.7.x before 3.7.3, and 3.8.x before 3.8.3. The vulnerability arises from allowing a symlink in the include key of _config.yml to expose arbitrary files. Impact is exposure of information (confidentiality impact) with no i...

7.5CVSS7.3AI score0.0217EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/09/28 12:0 a.m.21 views

CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.4AI score0.0217EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/09/28 12:0 a.m.81 views

CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5CVSS7.4AI score0.0217EPSS
Exploits0
Rows per page
Query Builder