Yard@* Security Vulnerabilities and Issues — Yard@* CVE List

Lucene search

YardocYard*

3 matches found

CVE•added 2024/02/28 8:15 p.m.•132 views

CVE-2024-27285

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0....

6.1CVSS5.2AI score0.02702EPSS

CVE•added 2019/07/29 1:15 p.m.•96 views

CVE-2019-1020001

yard before 0.9.20 allows path traversal.

7.5CVSS6.1AI score0.00246EPSS

CVE•added 2017/11/28 8:29 p.m.•78 views

CVE-2017-17042

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

7.5CVSS6.1AI score0.00379EPSS