4 matches found
Fedora 38 : rubygem-yard (2024-3744975c4b)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3744975c4b advisory. A security flaw was found on rubygem-yard that documents generated by yard may be vulnerable to XSS attack. This issue is now assigned as CVE-2024-27285 . Th...
Debian dsa-5635 : yard - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5635 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5635-1...
Debian: Security Advisory (DSA-5635-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-27285
CVE-2024-27285 affects YARD, a Ruby documentation generator. The vulnerability lies in the generated frames.html, where inadequate sanitization in the JavaScript of the frames.erb template allowed Cross-Site Scripting (XSS). Public advisories (Debian, Fedora, Ubuntu, NVD) attribute the issue to Y...