From c2f3a04b074db4270221fc390c44cb5025169eae Mon Sep 17 00:00:00 2001
From: Robert Schultheis
Date: Tue, 2 Jul 2019 23:44:40 -0600
Subject: [PATCH] Add CVE-2018-17567 for jekyll (#394)
---
gems/jekyll/CVE-2018-17567.yml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 gems/jekyll/CVE-2018-17567.yml
diff --git a/gems/jekyll/CVE-2018-17567.yml b/gems/jekyll/CVE-2018-17567.yml
new file mode 100644
index 0000000000..d387f34fce
--- /dev/null
+++ b/gems/jekyll/CVE-2018-17567.yml
@@ -0,0 +1,14 @@
+---
+gem: jekyll
+cve: 2018-17567
+date: 2018-09-28
+url: https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/
+title: Jekyll _config.yml privilege escalation
+description: Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows
+ attackers to access arbitrary files by specifying a symlink in the "include" key
+ in the "_config.yml" file.
+cvss_v3: 7.5
+patched_versions:
+- "~> 3.6.3"
+- "~> 3.7.4"
+- ">= 3.8.4"
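Review bot: The `title` labels this a privilege escalation, but the `description` right below it describes reading arbitrary files through a symlink named in the `include` key of `_config.yml`, which is a file-disclosure issue; anyone triaging advisories by title would misclassify it. Something like `title: Jekyll arbitrary file read via symlinked "include" entry in _config.yml` would match the description. The `date` value (2018-09-28) also differs from the release date embedded in the `url` path (2018/09/19), so it is worth confirming which of the two the database convention expects. The description could additionally say that exposure presumably depends on Jekyll building a site whose `_config.yml` and tree come from an untrusted party, which helps consumers judge whether they are affected.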