moderate severity
Vulnerable versions: >= 3.7.0, < 3.7.4
Patched version: 3.7.4
Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3
allows attackers to access arbitrary files by specifying a symlink in
the "include" key in the "_config.yml" file.
and
moderate severity
Vulnerable versions: < 1.9.24
Patched version: 1.9.24
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be
hijacked on Windows OS, when a Symbol is used as DLL name instead of
a String. This vulnerability appears to have been fixed in v1.9.24 and
later.
This fixes
and
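
As an added example (not part of the original message and not Jekyll's own code), the following check lists the `include` entries in a site's `_config.yml` that resolve outside the site directory, which is the condition the first advisory describes. The helper names `escaping_includes` and `demo` and the temporary site layout are assumptions made up for illustration.

```ruby
require "yaml"
require "tmpdir"
require "fileutils"

# Hypothetical helper: returns the "include" entries of <site_root>/_config.yml
# whose real path (after following symlinks) lies outside the site root.
def escaping_includes(site_root)
  root = File.realpath(site_root)
  config = YAML.safe_load(File.read(File.join(root, "_config.yml"))) || {}

  Array(config["include"]).map(&:to_s).select do |entry|
    path = File.join(root, entry)
    # Entries that do not exist at all are not a risk; skip them.
    next false unless File.exist?(path) || File.symlink?(path)

    begin
      real = File.realpath(path)
    rescue Errno::ENOENT
      next true # dangling symlink: flag it for manual review
    end

    # Anything not equal to, or nested under, the site root escapes it.
    real != root && !real.start_with?(root + File::SEPARATOR)
  end
end

# Constructed sample site: one symlink pointing outside the site, one relative
# symlink that stays inside it, and one ordinary directory.
def demo
  Dir.mktmpdir do |tmp|
    site = File.join(tmp, "site")
    FileUtils.mkdir_p(File.join(site, "docs"))
    File.write(File.join(site, "docs", "page.md"), "hello\n")
    File.write(File.join(tmp, "outside.txt"), "not part of the site\n")

    File.symlink(File.join(tmp, "outside.txt"), File.join(site, "leak"))
    File.symlink("docs", File.join(site, "alias"))

    File.write(File.join(site, "_config.yml"),
               "include:\n  - leak\n  - alias\n  - docs\n")
    escaping_includes(site)
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running it against a repository before building it with an unpatched Jekyll shows which `include` entries need review; upgrading to the patched version remains the fix.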