Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch show-stopping security vulnerabilities #1944

Merged
merged 14 commits into from Jan 14, 2014
Merged

Patch show-stopping security vulnerabilities #1944

merged 14 commits into from Jan 14, 2014

Conversation

parkr
Copy link
Member

@parkr parkr commented Jan 14, 2014

Two vulnerabilities found:

  1. Post#destination allows path traversal due to the CGI.unescape called prior to the post URL being used in the generation of the output file path. URL escaped characters can be used in a permalink to bypass the filtering provided by URL#sanitize_url. (@gregose)
  2. Arbitrary file reads via symlinks: it's possible to read anywhere on the filesystem by placing a symlink to a directory in _includes. (@charliesome)

GitHub Pages has already been patched. It is strongly recommended that any other Jekyll hosts upgrade to v1.4.3 when it lands (tonight).

benbalter and others added 13 commits January 13, 2014 17:22
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
Signed-off-by: Parker Moore <parkrmoore@gmail.com>
@ghost ghost assigned mattr- Jan 14, 2014
parkr added a commit that referenced this pull request Jan 14, 2014
@parkr parkr merged commit 71bb028 into v1-stable Jan 14, 2014
parkr added a commit that referenced this pull request Jan 14, 2014
@parkr parkr deleted the vuln-patch branch January 14, 2014 01:43
@jekyll jekyll locked and limited conversation to collaborators Feb 27, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

6 participants