Lucene search
GoogleOSV:GHSA-GJ4P-3WH3-2RMFHistoryDec 21, 2017 - 12:47 a.m.
Arbitrary file read vulnerability in yard server
2017-12-2100:47:25
Google
osv.dev
9
0.002 Low
EPSS
Percentile
51.9%
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
Related
redhatcve
redhatcve
CVE-2017-17042
2017-11-30 03:19:33
suse
suse
Security update for rubygem-yard (important)
2018-07-07 00:11:14
nessus
nessus
Fedora 27 : rubygem-yard (2017-386e856a4f)
2018-01-15 00:00:00
openSUSE Security Update : rubygem-yard (openSUSE-2018-707)
2018-07-09 00:00:00
Fedora 26 : rubygem-yard (2017-c6c6e9beae)
2017-12-13 00:00:00
openvas
openvas
openSUSE: Security Advisory for rubygem-yard (openSUSE-SU-2018:1908-1)
2018-07-07 00:00:00
Fedora Update for rubygem-yard FEDORA-2017-ca05b30e86
2017-12-14 00:00:00
Fedora Update for rubygem-yard FEDORA-2017-386e856a4f
2017-12-14 00:00:00
osv
osv
CVE-2017-17042
2017-11-28 20:29:00
yard vulnerabilities
2024-04-15 10:27:32
fedora
fedora
[SECURITY] Fedora 27 Update: rubygem-yard-0.9.8-4.fc27
2017-12-12 11:30:35
[SECURITY] Fedora 26 Update: rubygem-yard-0.9.8-4.fc26
2017-12-12 13:46:39
[SECURITY] Fedora 25 Update: rubygem-yard-0.8.7.6-4.fc25
2017-12-12 14:40:55
cvelist
cvelist
CVE-2017-17042
2022-10-03 16:23:20
prion
prion
Directory traversal
2017-11-28 20:29:00
debiancve
debiancve
CVE-2017-17042
2022-10-03 16:23:20
veracode
veracode
Directory Traversal
2017-11-29 01:45:24
nvd
nvd
CVE-2017-17042
2017-11-28 20:29:00
cve
cve
CVE-2017-17042
2022-10-03 16:23:20
ubuntucve
ubuntucve
CVE-2017-17042
2017-11-28 00:00:00
github
github
Arbitrary file read vulnerability in yard server
2017-12-21 00:47:25
ubuntu
ubuntu
YARD vulnerabilities
2024-04-15 00:00:00