CVE-2018-17567

Опубликовано: 28 сент. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

Ссылки

https://github.com/jekyll/jekyll/pull/7224
Patch
Third Party Advisory
https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/
Patch
Vendor Advisory
https://lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984%40%3Ccommits.accumulo.apache.org%3E
https://github.com/jekyll/jekyll/pull/7224
Patch
Third Party Advisory
https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/
Patch
Vendor Advisory
https://lists.apache.org/thread.html/71da391f584b2fb301d2df0e491b279d87287e2fb4b11309f04ad984%40%3Ccommits.accumulo.apache.org%3E

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jekyllrb:jekyll:*:*:*:*:*:*:*:*

Версия до 3.6.2 (включая)

cpe:2.3:a:jekyllrb:jekyll:*:*:*:*:*:*:*:*

Версия от 3.7.0 (включая) до 3.7.3 (включая)

cpe:2.3:a:jekyllrb:jekyll:*:*:*:*:*:*:*:*

Версия от 3.8.0 (включая) до 3.8.3 (включая)

EPSS

Процентиль: 63%

0.00453

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59

Связанные уязвимости

CVE-2018-17567

CVSS3: 7.5

ubuntu

больше 7 лет назад

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

CVE-2018-17567

CVSS3: 7.5

debian

больше 7 лет назад

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 all ...

GHSA-4xjh-m3qx-49wc

CVSS3: 7.5

github

больше 7 лет назад

Jekyll allows attackers to access arbitrary files by specifying a symlink

EPSS

Процентиль: 63%

0.00453

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-59