Filtered by vendor Yardoc Subscriptions
Filtered by product Yard Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-1020001 1 Yardoc 1 Yard 2024-11-21 8.8 High
yard before 0.9.20 allows path traversal.
CVE-2017-17042 1 Yardoc 1 Yard 2024-11-21 N/A
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.