Lucene search
K

240 matches found

OSV
OSV
added 2026/07/06 6:28 a.m.5 views

OESA-2026-2852 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 6:28 a.m.6 views

OESA-2026-2851 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 10:29 p.m.11 views

EUVD-2026-38069

YARD static cache reads raw traversal paths before router sanitization...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the...

5.3CVSS5.9AI score0.00273EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 9:13 p.m.7 views

Directory Traversal

Overview yard is a documentation generation tool for the Ruby programming language. Affected versions of this package are vulnerable to Directory Traversal via the static cache lookup feature when a server is configured with a document root. An attacker can access files outside the intended...

6.9CVSS6.5AI score0.00273EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 8:16 p.m.13 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 8:16 p.m.11 views

DEBIAN-CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 8:16 p.m.5 views

UBUNTU-CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 7:13 p.m.20 views

CVE-2026-49342 YARD static cache reads raw traversal paths before router sanitization

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS0.00273EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/19 7:13 p.m.7 views

CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0
CVE
CVE
added 2026/06/19 7:13 p.m.26 views

CVE-2026-49342

YARD (Ruby) prior to 0.9.44 is affected: its static cache lookup reads the request path before router path cleanup, allowing a traversal like /../yard-cache-secret.html to be joined with a document root and retrieve a sibling .html outside the intended static tree. The issue is addressed in versi...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51019

Name of the Vulnerable Software and Affected Versions YARD versions prior to 0.9.44 Description YARD is a documentation generation tool for the Ruby programming language. The static cache lookup reads a request path before the router's path cleanup process occurs. When a server is configured with...

5.3CVSS5.7AI score0.00273EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : YARD vulnerability (USN-8394-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8394-1 advisory. It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An...

7.5CVSS5.7AI score0.00388EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 8:11 a.m.9 views

USN-8394-1 yard vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/05 8:11 a.m.12 views

USN-8394-1: YARD vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0
Fedora
Fedora
added 2026/06/05 4:10 a.m.19 views

[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.14 views

Fedora 44 : rubygem-yard (2026-acefc1fe48)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-acefc1fe48 advisory. Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues Tenable has extracted the preceding description block directly from the Fedora security...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.15 views

Fedora 43 : rubygem-yard (2026-2d0a32ddc0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2d0a32ddc0 advisory. Backport 0.9.41 / 0.9.44 fixes for possible path traversal issues Tenable has extracted the preceding description block directly from the Fedora security...

5.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/25 11:16 p.m.14 views

CVE-2026-41493

A flaw was found in YARD, a Ruby Documentation tool. When using yard server to serve documentation, a path traversal vulnerability allows a remote attacker to access arbitrary files on the host machine through unsanitized HTTP requests. This could lead to unauthorized information disclosure from...

7.5CVSS5.9AI score0.00388EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Yard

Path traversal is possible before version 0.9.20...

7.5CVSS7.1AI score0.02334EPSS
Exploits0References1
Rows per page
Query Builder