Yard
Monthly
Path traversal in the YARD Ruby documentation server (prior to 0.9.44) allows unauthenticated remote attackers to read arbitrary `.html` files from directories outside the configured document root by supplying crafted `../`-containing request paths such as `/../yard-cache-secret.html`. The flaw exists because the static cache lookup in `StaticCaching#check_static_cache` constructs a filesystem path from the raw `request.path` before the router's own path-sanitization logic runs, enabling traversal to sibling directories. No active exploitation has been identified (not in CISA KEV) and no public POC exists at time of analysis; the vendor-released fix is version 0.9.44.
YARD is a Ruby Documentation tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
yard before 0.9.20 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Path traversal in the YARD Ruby documentation server (prior to 0.9.44) allows unauthenticated remote attackers to read arbitrary `.html` files from directories outside the configured document root by supplying crafted `../`-containing request paths such as `/../yard-cache-secret.html`. The flaw exists because the static cache lookup in `StaticCaching#check_static_cache` constructs a filesystem path from the raw `request.path` before the router's own path-sanitization logic runs, enabling traversal to sibling directories. No active exploitation has been identified (not in CISA KEV) and no public POC exists at time of analysis; the vendor-released fix is version 0.9.44.
YARD is a Ruby Documentation tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
yard before 0.9.20 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.