CVE-2017-17042
yard Severe
File Access
Discovered over 3 years ago
Published almost 4 years ago
Category: File Access
Source: NIST NVD
Severity: Severe

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 0.9.11

Unaffected Versions

n/a

References

n/a