CVE-2019-1020001: Path Traversal in Yard

CWE-22: Path Traversal (6 documents, 5 sources)
Severity: 7.5 HIGH (OSV), no vector
EPSS: 0.2% (top 52.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Latest update: Apr 15

Description

yard before 0.9.20 allows path traversal.

Scope: local
bookworm: resolved (fixed in 0.9.20-1)
bullseye: resolved (fixed in 0.9.20-1)
forky: resolved (fixed in 0.9.20-1)
sid: resolved (fixed in 0.9.20-1)
trixie: resolved (fixed in 0.9.20-1)

Affected Packages (2 packages)

RubyGems: yardoc/yard < 0.9.20
Ubuntu: yardoc/yard < 0.9.24-1+deb11u1build0.20.04.1+3

🔴 Vulnerability Details (3)

OSV: yard vulnerabilities (2024-04-15)
GHSA: Path Traversal vulnerability that affects yard (2019-07-02)
OSV: Path Traversal vulnerability that affects yard (2019-07-02)

📋 Vendor Advisories (3)

Ubuntu: YARD vulnerabilities (2024-04-15)
Red Hat: rubygem-yard: Arbitrary path traversal and file access in yard server (2019-06-27)
Debian: CVE-2019-1020001: yard - yard before 0.9.20 allows path traversal. (2019)