Vulnerabilities (CVE)

Filtered by vendor Yardoc Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1020001 1 Yardoc 1 Yard 2024-11-21 5.0 MEDIUM 7.5 HIGH
yard before 0.9.20 allows path traversal.
CVE-2017-17042 1 Yardoc 1 Yard 2024-11-21 5.0 MEDIUM 7.5 HIGH
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.