pkg:gem/yard
Type
gem
Name
yard
Known advisories, vulnerabilities and fixes for yard package.
- Repository
- https://rubygems.org/gems/yard
High
2
Medium
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 0.9.11 |
CVE-2017-17042
|
 RUBYSEC:YARD-2017-17042
|
Potential arbitrary file read vulnerability in yard server | high |
2017-11-28T00:00:00
(6 years ago) |
|
| Fixed | >= 0.9.11 |
CVE-2017-17042
|
RUBYSEC:YARD-2017-17042
|
Potential arbitrary file read vulnerability in yard server | high |
2017-11-28T00:00:00
(6 years ago) |
|
| Affected | < 0.9.20 |
CVE-2019-1020001
|
RUBYSEC:YARD-2019-1020001
|
Arbitrary path traversal and file access via `yard server` | high |
2019-07-02T00:00:00
(5 years ago) |
|
| Fixed | >= 0.9.20 |
CVE-2019-1020001
|
RUBYSEC:YARD-2019-1020001
|
Arbitrary path traversal and file access via `yard server` | high |
2019-07-02T00:00:00
(5 years ago) |
|
| Affected | < 0.9.36 |
CVE-2024-27285
|
RUBYSEC:YARD-2024-27285
|
YARD's default template vulnerable to Cross-site Scripting in generated frames.html | medium |
2024-02-28T00:00:00
(6 months ago) |
|
| Fixed | >= 0.9.36 |
CVE-2024-27285
|
RUBYSEC:YARD-2024-27285
|
YARD's default template vulnerable to Cross-site Scripting in generated frames.html | medium |
2024-02-28T00:00:00
(6 months ago) |