21 matches found
PT-2026-51019
Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...
[SECURITY] Fedora 44 Update: rubygem-yard-0.9.40-2.fc44
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
OESA-2026-2208 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
CVE-2026-41493
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
UBUNTU-CVE-2026-41493
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
CVE-2026-41493 yard: Possible arbitrary path traversal and file access via yard server
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
EUVD-2026-28554
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
EUVD-2024-0579
Malicious code in bioql PyPI...
UBUNTU-CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...
CVE-2024-27285
A flaw was found in the YARD Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file...
Cross site scripting
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
CVE-2024-27285 YARD's default template vulnerable to Cross-site Scripting in generated frames.html
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...
SUSE CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
UBUNTU-CVE-2022-1185
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
ALPINE-CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
yard path traversal vulnerability
yard is a documentation generation tool for the Ruby programming language. A path traversal vulnerability exists in versions of yard prior to 0.9.20. The vulnerability stems from a failure of a networked system or product to properly filter special elements in the path of a resource or file. An...
[SECURITY] Fedora 26 Update: rubygem-yard-0.9.8-4.fc26
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...