High severity 7.5 · NVD Advisory · Published Nov 28, 2017 · Updated Jun 17, 2026
CVE-2017-17042
Description
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
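The class of flaw described above, as an added example that is not YARD's code: a lexical path cleaner that collapses `dir/..` but lets a leading `../` survive, next to a resolver that enforces containment under the served root. The function names and the `/srv/docs` root are hypothetical.

```ruby
# Added illustration; names and paths are hypothetical, not taken from YARD.

# Lexical normaliser: drops "." and empty components and collapses "dir/..",
# but a ".." with nothing left to pop is kept, so "../" can lead the result.
def naive_clean(path)
  path.split("/").each_with_object([]) do |comp, acc|
    next if comp.empty? || comp == "."
    if comp == ".." && !acc.empty? && acc.last != ".."
      acc.pop
    else
      acc << comp
    end
  end.join("/")
end

# Weak pattern: trusts the cleaned path and joins it to the document root.
# The OS resolves the remaining ".." components above the root on open.
def naive_resolve(root, requested)
  File.join(root, naive_clean(requested))
end

# Hardened pattern: resolve against the root, then require the absolute
# result to be the root itself or a descendant of it.
# File.expand_path is purely lexical; if the root can contain symlinks,
# compare File.realpath results instead.
def safe_resolve(root, requested)
  root = File.expand_path(root)
  full = File.expand_path(naive_clean(requested), root)
  return nil unless full == root || full.start_with?(root + "/")
  full
end

if __FILE__ == $PROGRAM_NAME
  root = "/srv/docs" # constructed sample root
  # Constructed sample request paths
  ["css/./../js/app.js", "a/../../../etc/passwd", "../secret"].each do |req|
    puts format("%-24s naive=%-32s safe=%s",
                req, naive_resolve(root, req), safe_resolve(root, req).inspect)
  end
end
```
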
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| yard (RubyGems) | < 0.9.11 | 0.9.11 |
Affected products (3)
- ghsa-coords (2 versions): pkg:gem/yard, pkg:rpm/suse/rubygem-yard&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3; range: < 0.9.11 (+ 1 more)
- (no CPE) range: < 0.9.11
- (no CPE) range: < 0.8.7.3-7.3.1