Yardoc: Security Vulnerabilities, CVEs
yard before 0.9.20 allows path traversal.
Max CVSS: 7.5
EPSS Score: 0.26%
Published: 2019-07-29
Updated: 2024-03-06
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
Max CVSS: 7.5
EPSS Score: 0.16%
Published: 2017-11-28
Updated: 2017-12-20
2 vulnerabilities found