Sha256: 1bacb8efab72bd799dade9e9a4f8d60a930e4d5bb29f00de8aae97a0c60a9d84

Contents?: true

Size: 459 Bytes

Versions: 3

Compression:

Stored size: 459 Bytes

Contents

---
gem: yard
cve: 2017-17042
url: https://nvd.nist.gov/vuln/detail/CVE-2017-17042
date: 2017-11-28
title: Potential arbitrary file read vulnerability in yard server
description: |
  lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block
  relative paths with an initial ../ sequence, which allows attackers to conduct
  directory traversal attacks and read arbitrary files.

cvss_v2: 5.0
cvss_v3: 7.5

patched_versions:
  - ">= 0.9.11"

Version data entries

3 entries across 3 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/yard/CVE-2017-17042.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/yard/CVE-2017-17042.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/yard/CVE-2017-17042.yml