ADVISORIES

• CVE-2018-17567 (NVD)
• GHSA-4xjh-m3qx-49wc
• Vendor Advisory

GEM

jekyll

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

• ~> 3.6.3
• ~> 3.7.4
• >= 3.8.4

DESCRIPTION

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.