22 matches found
OESA-2026-2285 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
SUSE CVE-2026-41493
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
OESA-2026-2208 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
OESA-2026-2207 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
OESA-2026-2206 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
OESA-2026-2205 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
Linux Distros Unpatched Vulnerability : CVE-2026-41493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation...
DEBIAN-CVE-2026-41493
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
CVE-2026-41493
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
UBUNTU-CVE-2026-41493
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
CVE-2026-41493 yard: Possible arbitrary path traversal and file access via yard server
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
CVE-2026-41493
Summary: CVE-2026-41493 affects the Ruby documentation tool YARD, specifically the yard server. Prior to version 0.9.42, a path traversal vulnerability could allow unsanitized HTTP requests to access arbitrary files on the host running yard server under certain conditions. This was fixed in versi...
CVE-2026-41493 yard: Possible arbitrary path traversal and file access via yard server
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
EUVD-2026-28554
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
CVE-2026-41493
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...
YARD 路径遍历漏洞
YARD is a Ruby documentation generation tool developed by Loren Segal. Versions of YARD prior to 0.9.42 contained a path traversal vulnerability. This vulnerability stemmed from the use of the yard server’s path traversal feature, which could allow uncleaned HTTP requests to access arbitrary file...
GHSA-3JFP-46X4-XGFJ yard: Possible arbitrary path traversal and file access via yard server
Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...
yard: Possible arbitrary path traversal and file access via yard server
Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...
Possible arbitrary path traversal and file access via yard server
Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...
PT-2019-11617 · Yard +3 · Yard +3
Name of the Vulnerable Software and Affected Versions: yard versions prior to 0.9.20 Description: A path traversal issue was discovered in yard when using yard server to serve documentation, allowing unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under...