Jekyll allows attackers to access arbitrary files by specifying a symlink
High severity
GitHub Reviewed
Published
Sep 28, 2018
to the GitHub Advisory Database
•
Updated Sep 5, 2023
Package
Affected versions
< 3.6.3
>= 3.7.0, < 3.7.4
>= 3.8.0, < 3.8.4
Patched versions
3.6.3
3.7.4
3.8.4
Description
Published to the GitHub Advisory Database
Sep 28, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 5, 2023
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the
include
key in the_config.yml
file.References