Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2024-27285HistoryFeb 28, 2024 - 8:15 p.m.
CVE-2024-27285
2024-02-2820:15:41
Debian Security Bug Tracker
security-tracker.debian.org
5
yard
ruby
documentation
xss
vulnerability
patched
0.0004 Low
EPSS
Percentile
9.9%
YARD is a Ruby Documentation tool. The “frames.html” file within the Yard Doc’s generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the “frames.erb” template file. This vulnerability is fixed in 0.9.36.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | yard | < 0.9.28-2+deb12u2 | yard_0.9.28-2+deb12u2_all.deb |
| Debian | 11 | all | yard | < 0.9.24-1+deb11u1 | yard_0.9.24-1+deb11u1_all.deb |
| Debian | 10 | all | yard | < 0.9.16-1+deb10u1 | yard_0.9.16-1+deb10u1_all.deb |
| Debian | 999 | all | yard | < 0.9.36-1 | yard_0.9.36-1_all.deb |
| Debian | 13 | all | yard | < 0.9.36-1 | yard_0.9.36-1_all.deb |
Related
debian
debian
[SECURITY] [DSA 5635-1] yard security update
2024-03-04 20:48:13
[SECURITY] [DLA 3753-1] yard security update
2024-03-06 21:45:26
osv
osv
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
2024-02-28 18:57:19
CVE-2024-27285
2024-02-28 20:15:41
yard - security update
2024-03-04 00:00:00
nessus
nessus
Fedora 38 : rubygem-yard (2024-3744975c4b)
2024-03-20 00:00:00
Debian dsa-5635 : yard - security update
2024-03-05 00:00:00
Debian dla-3753 : yard - security update
2024-03-07 00:00:00
openvas
openvas
Fedora: Security Advisory for rubygem-yard (FEDORA-2024-3744975c4b)
2024-03-25 00:00:00
Debian: Security Advisory (DSA-5635-1)
2024-03-05 00:00:00
Debian: Security Advisory (DLA-3753-1)
2024-03-07 00:00:00
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 38 Update: rubygem-yard-0.9.36-1.fc38
2024-03-21 01:28:26
cve
cve
CVE-2024-27285
2024-02-28 20:15:41
veracode
veracode
Cross-Site Scripting(XSS)
2024-02-29 05:45:38
github
github
prion
prion
Cross site scripting
2024-02-28 20:15:00
redhatcve
redhatcve
CVE-2024-27285
2024-03-01 15:02:08
ubuntucve
ubuntucve
CVE-2024-27285
2024-02-29 00:00:00
ubuntu
ubuntu
YARD vulnerabilities
2024-04-15 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up 03/08/2024
2024-03-08 17:00:00