GHSA-4xjh-m3qx-49wc
- Source
- https://github.com/advisories/GHSA-4xjh-m3qx-49wc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-4xjh-m3qx-49wc/GHSA-4xjh-m3qx-49wc.json
- Aliases
- Published
- 2018-09-28T19:29:07Z
- Modified
- 2024-02-18T05:32:07.925067Z
- Details
-
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the
includekey in the_config.ymlfile. - References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-17567
- https://github.com/jekyll/jekyll/pull/7224
- https://github.com/jekyll/jekyll
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jekyll/CVE-2018-17567.yml
- https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8
- https://lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984@%3Ccommits.accumulo.apache.org%3E
Affected packages
RubyGems / jekyll
Package
- Name
- jekyll
Affected versions
0.*
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.2.0
0.2.1
0.3.0
0.4.1
0.5.1
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.1
0.6.2
0.7.0
0.8.0
0.9.0
0.10.0
0.11.0
0.11.2
0.12.0
0.12.1
1.*
1.0.0.beta1
1.0.0.beta2
1.0.0.beta3
1.0.0.beta4
1.0.0.rc1
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.1
1.1.2
1.2.0
1.2.1
1.3.0.rc
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.5.0
1.5.1
2.*
2.0.0.alpha.1
2.0.0.alpha.2
2.0.0.alpha.3
2.0.0.rc1
2.0.0
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.2.0
2.3.0
2.4.0
2.5.0
2.5.1
2.5.2
2.5.3
3.*
3.0.0.pre.beta1
3.0.0.pre.beta2
3.0.0.pre.beta3
3.0.0.pre.beta4
3.0.0.pre.beta5
3.0.0.pre.beta6
3.0.0.pre.beta7
3.0.0.pre.beta8
3.0.0.pre.beta9
3.0.0.pre.beta10
3.0.0.pre.rc1
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0.pre.beta1
3.1.0.pre.rc1
3.1.0.pre.rc2
3.1.0.pre.rc3
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.2.0.pre.beta1
3.2.0.pre.beta2
3.2.0
3.2.1
3.3.0.pre.rc1
3.3.0
3.3.1
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.5.0
3.5.1
3.5.2
3.6.0.pre.beta1
3.6.0
3.6.1
3.6.2
RubyGems / jekyll
Package
- Name
- jekyll
RubyGems / jekyll
Package
- Name
- jekyll