Sha256: 3695ee906f313047bc128b6928327377624562a01c8bfff5f73664a6ebbee355

Contents?: true

Size: 579 Bytes

Versions: 1

Compression:

Stored size: 579 Bytes

Contents

---
gem: yard
cve: 2019-1020001
ghsa: xfhh-rx56-rxcr
url: https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
date: 2019-07-02
title: Arbitrary path traversal and file access via `yard server`
description: |
  A path traversal vulnerability was discovered in YARD <= 0.9.19 when using
  `yard server` to serve documentation. This bug would allow unsanitized HTTP
  requests to access arbitrary files on the machine of a yard server host under
  certain conditions.

  The issue is resolved in v0.9.20 and later.
patched_versions:
  - ">= 0.9.20"
cvss_v3: 7.3

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/yard/CVE-2019-1020001.yml