Add CVE-2018-17567 for jekyll (#394)

rubysec · Jul 3, 2019 · c2f3a04 · c2f3a04
1 parent c668902
commit c2f3a04
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/gems/jekyll/CVE-2018-17567.yml b/gems/jekyll/CVE-2018-17567.yml
@@ -0,0 +1,14 @@
+---
+gem: jekyll
+cve: 2018-17567
+date: 2018-09-28
+url: https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/
+title: Jekyll _config.yml privilege escalation
+description: Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows
+  attackers to access arbitrary files by specifying a symlink in the "include" key
+  in the "_config.yml" file.
+cvss_v3: 7.5
+patched_versions:
+- "~> 3.6.3"
+- "~> 3.7.4"
+- ">= 3.8.4"