264 matches found
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
CVE-2020-14001
The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...
Unintended read access in kramdown gem
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...
Malicious Package
Overview Version 0.2.12 of jekyll-for-github-projects contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...
Fedora 29 : rubygem-jekyll (2018-4f6deba5f1)
Update to version 3.8.4. This version includes a fix for a possible security issue: The engine now no longer follows symlinks when including files. Release notes: https://github.com/jekyll/jekyll/releases/tag/v3.8.4 Note that Tenable Network Security has extracted the preceding description block...
DLA-1541-1 jekyll - security update
Bulletin has no description...
Information Disclosure
jekyll is vulnerable to information disclosures. The library does not check if the directory passed during a build, allowing a malicious user to gain access to sensitive files by passing a symlink directory in the config.yml file...
Jekyll allows attackers to access arbitrary files by specifying a symlink
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the include key in the config.yml file...
GHSA-4XJH-M3QX-49WC Jekyll allows attackers to access arbitrary files by specifying a symlink
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the include key in the config.yml file...
[SECURITY] Fedora 29 Update: rubygem-jekyll-3.8.4-1.fc29
Jekyll is a simple, blog-aware, static site generator. You create your content as text files Markdown, and organize them into folders. Then, you build the shell of your site using Liquid-enhanced HTML templates. Jekyll automatically stitches the content and templates together, generating a websit...
DEBIAN-CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
Design/Logic Flaw
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
UBUNTU-CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
Jekyll Arbitrary File Access Vulnerability
Jekyll is a static website generator. A security vulnerability exists in Jekyll version 3.6.2 and earlier, version 3.7.x through 3.7.3, and version 3.8.x through 3.8.3. An attacker can exploit the vulnerability by specifying a symbolic link in the 'include' key of the 'config.yml' file to access...
CVE-2018-17567
CVE-2018-17567 affects Jekyll prior to patched versions: 3.6.2 and earlier 3.7.x before 3.7.3, and 3.8.x before 3.8.3. The vulnerability arises from allowing a symlink in the include key of _config.yml to expose arbitrary files. Impact is exposure of information (confidentiality impact) with no i...
CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...
CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...