GHSA-4xjh-m3qx-49wc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4xjh-m3qx-49wc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-4xjh-m3qx-49wc/GHSA-4xjh-m3qx-49wc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4xjh-m3qx-49wc
- Aliases
- Published
- 2018-09-28T19:29:07Z
- Modified
- 2024-02-18T05:32:07.925067Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Jekyll allows attackers to access arbitrary files by specifying a symlink
- Details
-
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the
includekey in the_config.ymlfile. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-59" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:59:43Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-17567
- https://github.com/jekyll/jekyll/pull/7224
- https://github.com/jekyll/jekyll
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jekyll/CVE-2018-17567.yml
- https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8
- https://lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984@%3Ccommits.accumulo.apache.org%3E
Affected packages
RubyGems / jekyll
Package
- Name
- jekyll
- Purl
- pkg:gem/jekyll
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.3
Affected versions
0.*
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.2.0
0.2.1
0.3.0
0.4.1
0.5.1
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.1
0.6.2
0.7.0
0.8.0
0.9.0
0.10.0
0.11.0
0.11.2
0.12.0
0.12.1
1.*
1.0.0.beta1
1.0.0.beta2
1.0.0.beta3
1.0.0.beta4
1.0.0.rc1
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.1
1.1.2
1.2.0
1.2.1
1.3.0.rc
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.5.0
1.5.1
2.*
2.0.0.alpha.1
2.0.0.alpha.2
2.0.0.alpha.3
2.0.0.rc1
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.2.0
2.3.0
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
3.*
3.0.0.pre.beta1
3.0.0.pre.beta2
3.0.0.pre.beta3
3.0.0.pre.beta4
3.0.0.pre.beta5
3.0.0.pre.beta6
3.0.0.pre.beta7
3.0.0.pre.beta8
3.0.0.pre.beta9
3.0.0.pre.beta10
3.0.0.pre.rc1
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0.pre.beta1
3.1.0.pre.rc1
3.1.0.pre.rc2
3.1.0.pre.rc3
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.2.0.pre.beta1
3.2.0.pre.beta2
3.2.0
3.2.1
3.3.0.pre.rc1
3.3.0
3.3.1
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.5.0
3.5.1
3.5.2
3.6.0.pre.beta1
3.6.0
3.6.1
3.6.2
RubyGems / jekyll
Package
- Name
- jekyll
- Purl
- pkg:gem/jekyll
RubyGems / jekyll
Package
- Name
- jekyll
- Purl
- pkg:gem/jekyll