CVE-2018-17567

Published September 28th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

jekyll/jekyll

:globe_with_meridians: Jekyll is a blog-aware static site generator in Ruby

GitHub

51.5K