YARD is a Ruby Documentation tool. The “frames.html” file within the Yard Doc’s generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the “frames.erb” template file. This vulnerability is fixed in 0.9.36.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | yard | < 0.9.28-2+deb12u2 | yard_0.9.28-2+deb12u2_all.deb |
Debian | 11 | all | yard | < 0.9.24-1+deb11u1 | yard_0.9.24-1+deb11u1_all.deb |
Debian | 10 | all | yard | < 0.9.16-1+deb10u1 | yard_0.9.16-1+deb10u1_all.deb |
Debian | 999 | all | yard | < 0.9.36-1 | yard_0.9.36-1_all.deb |
Debian | 13 | all | yard | < 0.9.36-1 | yard_0.9.36-1_all.deb |