Sha256: 20933b53c598f458ae9dbb12e3f56d297dd45bdd8887f9a80663fb6632659c36
Contents?: true
Size: 503 Bytes
Versions: 1
Compression:
Stored size: 503 Bytes
Contents
--- gem: yard ghsa: xfhh-rx56-rxcr date: 2019-07-02 url: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr title: Possible arbitrary path traversal and file access via `yard server` description: A path traversal vulnerability was discovered in YARD <= 0.9.19 when using `yard server` to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. patched_versions: - ">= 0.9.20"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/yard/GHSA-xfhh-rx56-rxcr.yml |