Yard

CVEs (1)

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2017-17042	Hig	0.42	7.5	0.00		Nov 28, 2017	lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

CVE-2017-17042HigNov 28, 2017
risk 0.42cvss 7.5epss 0.00
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.