rpm package
suse/rubygem-yard&distro=SUSE Linux Enterprise Software Development Kit 12 SP3
pkg:rpm/suse/rubygem-yard&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-17042 | High | 7.5 | | < 0.8.7.3-7.3.1 | 0.8.7.3-7.3.1 | Nov 28, 2017 | lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. |