High severity 7.5 · NVD Advisory · Published Sep 28, 2018 · Updated Jun 17, 2026
CVE-2018-17567
Description
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| jekyll (RubyGems) | < 3.6.3 | 3.6.3 |
| jekyll (RubyGems) | >= 3.7.0, < 3.7.4 | 3.7.4 |
| jekyll (RubyGems) | >= 3.8.0, < 3.8.4 | 3.8.4 |
References (8)
- github.com/jekyll/jekyll/pull/7224 (nvd, Patch, Third Party Advisory, WEB)
- jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/ (nvd, Patch, Vendor Advisory)
- github.com/advisories/GHSA-4xjh-m3qx-49wc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-17567 (ghsa, ADVISORY)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/jekyll/CVE-2018-17567.yml (ghsa, WEB)
- jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8 (ghsa, WEB)
- lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984@%3Ccommits.accumulo.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984%40%3Ccommits.accumulo.apache.org%3E (nvd)