10 matches found
openSUSE Security Update : rubygem-yard (openSUSE-2018-707)
This update for rubygem-yard fixes the following issues : - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263). This update was imported from the...
openSUSE: Security Advisory for rubygem-yard (openSUSE-SU-2018:1908-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2018:1890-1 Security update for rubygem-yard
This update for rubygem-yard fixes the following issues: - CVE-2017-17042: The server in YARD did not block relative paths with an initial ../ sequence, which allowed attackers to conduct directory traversal attacks and read arbitrary files (bsc#1070263)...
Fedora 27 : rubygem-yard (2017-386e856a4f)
Fix to directory traversal attacks CVE-2017-17042. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora Update for rubygem-yard FEDORA-2017-386e856a4f
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for rubygem-yard FEDORA-2017-c6c6e9beae
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2017-17042
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
CVE-2017-17042
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
DEBIAN-CVE-2017-17042
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files...
CVE-2017-17042
CVE-2017-17042 affects the YARD project: the server in YARD before 0.9.11 does not block relative paths starting with ../ in lib/yard/core_ext/file.rb, enabling directory traversal and potential reading of arbitrary files. Affected platforms are evidenced by multiple advisories (Fedora, openSUSE,...