Critical
CVE-2020-14001
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded…
Tag: Jekyll
All CVEs associated with "Jekyll". Page 1/1 • 2 CVEs.
About “Jekyll”
A curated feed of “Jekyll”-related CVEs appears below. We currently track 2 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 8.7 (all time), and 100% are rated High/Critical (all time). Top CWEs (all time): CWE-862 - Missing Authorization, CWE-59 - Improper Link Resolution Before File Access ('Link Following').
In our taxonomy this topic maps to a LOW impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: jekyll
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 4 | 4.4.1 | - | ||
| 3 | 3.10.0 | - | ||
| 2 | 2.5.3 | Expired | ||
| 1 | 1.5.1 | Expired | ||
| 0 | 0.9.0 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS (expired) · ICS
Subscribe CVEs: RSS for “Jekyll” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2020-07-17
2018-09-28
High
CVE-2018-17567
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.