5 matches found
USN-8394-1: YARD vulnerability
It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...
USN-8394-1 yard vulnerability
It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...
CVE-2022-47715
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic...
yard path traversal vulnerability
yard is a documentation generation tool for the Ruby programming language. A path traversal vulnerability exists in versions of yard prior to 0.9.20. The vulnerability stems from a failure of a networked system or product to properly filter special elements in the path of a resource or file. An...
PT-2017-14678 · Yard +3 · Yard +3
Name of the Vulnerable Software and Affected Versions: YARD versions prior to 0.9.11 Description: The issue allows attackers to conduct directory traversal attacks and read arbitrary files due to the failure to block relative paths with an initial ../ sequence in the lib/yard/core_ext/file.rb fil...