CVE Daily – Jekyll https://cvedaily.com/pages/tags/jekyll.html CVE Daily – Jekyll en Wed, 03 Jun 2026 21:27:12 +0000 [Critical] CVE-2020-14001 – The kramdown gem before 2.3.0 for Ruby processes the template option inside Kram... https://nvd.nist.gov/vuln/detail/CVE-2020-14001 https://nvd.nist.gov/vuln/detail/CVE-2020-14001 Fri, 17 Jul 2020 16:15:11 +0000 Critical CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

CVSS: 9.8 · CWE: CWE-862

View on NVD

]]> [High] CVE-2018-17567 – Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attack... https://nvd.nist.gov/vuln/detail/CVE-2018-17567 https://nvd.nist.gov/vuln/detail/CVE-2018-17567 Fri, 28 Sep 2018 00:29:04 +0000 High CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.

CVSS: 7.5 · CWE: CWE-59

View on NVD

]]>