Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1
CVE-2024-27285
- EPSS 2.7%
- Published 28.02.2024 20:15:41
- Last modified 14.02.2025 15:31:24
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb"...
7.5
CVE-2019-1020001
- EPSS 0.25%
- Published 29.07.2019 13:15:11
- Last modified 21.11.2024 04:18:10
yard before 0.9.20 allows path traversal.
7.5
CVE-2017-17042
- EPSS 0.41%
- Published 28.11.2017 20:29:00
- Last modified 20.04.2025 01:37:25
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
1