EPSS: 0.002 (Low), percentile 51.8%
yard is vulnerable to directory traversal attacks. An attacker can read arbitrary files by passing relative paths with an initial ../ sequence to lib/yard/core_ext/file.rb.
github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4