VYPR

rpm package

suse/rubygem-yard&distro=SUSE Linux Enterprise Software Development Kit 12 SP3

pkg:rpm/suse/rubygem-yard&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3

Vulnerabilities (1)

  • CVE-2017-17042HigNov 28, 2017
    affected < 0.8.7.3-7.3.1fixed 0.8.7.3-7.3.1

    lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.