Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| jekyll (RubyGems) | 0 | 3.6.3 | N/A |
| jekyll (RubyGems) | 3.7.0 | 3.7.4 | N/A |
| jekyll (RubyGems) | 3.8.0 | 3.8.4 | N/A |
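
An audit sketch for the issue described above, added here as an example and not taken from the advisory or the Jekyll project: it checks a version against the ranges in the table and lists `include` entries in `_config.yml` whose real path resolves outside the site root. The function names (`jekyll_affected?`, `escaping_includes`, `demo`) and the sample site layout are constructed for illustration.

```ruby
require "rubygems"
require "yaml"
require "pathname"
require "tmpdir"

# Affected ranges from the advisory table, as [introduced, fixed) pairs.
AFFECTED = [%w[0 3.6.3], %w[3.7.0 3.7.4], %w[3.8.0 3.8.4]].freeze

def jekyll_affected?(version)
  v = Gem::Version.new(version)
  AFFECTED.any? { |lo, hi| v >= Gem::Version.new(lo) && v < Gem::Version.new(hi) }
end

# Returns the "include" entries in _config.yml whose real path lies outside
# the site root (a symlink, or a path routed through one), plus dangling links.
# Entries that do not exist on disk are skipped.
def escaping_includes(site_root)
  root = Pathname.new(site_root).realpath
  config = YAML.safe_load(File.read(root.join("_config.yml"))) || {}
  Array(config["include"]).select do |entry|
    path = root.join(entry.to_s)
    next false unless path.symlink? || path.exist?
    target = path.realpath rescue nil # nil for a dangling or looping link
    target.nil? || !(target == root || target.to_s.start_with?("#{root}#{File::SEPARATOR}"))
  end
end

# Constructed sample site: one ordinary include, one symlink leaving the root.
def demo
  Dir.mktmpdir do |outside|
    Dir.mktmpdir do |site|
      File.write(File.join(outside, "secret.txt"), "constructed sample")
      File.write(File.join(site, ".htaccess"), "ok")
      File.symlink(File.join(outside, "secret.txt"), File.join(site, "linked"))
      File.write(File.join(site, "_config.yml"), "include:\n  - .htaccess\n  - linked\n")
      escaping_includes(site)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "3.8.3 affected: #{jekyll_affected?('3.8.3')}; flagged includes: #{demo.inspect}"
end
```

Running `escaping_includes` over a repository before building it with untrusted content is useful on fixed versions too, since it surfaces `include` entries that point outside the checkout.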
CVSS Metrics