0.002 Low
EPSS
Percentile
58.6%
jekyll is vulnerable to information disclosures. The library does not check if the directory passed during a build, allowing a malicious user to gain access to sensitive files by passing a symlink directory in the _config.yml file.
_config.yml
github.com/jekyll/jekyll/pull/7226
jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/