Search criteria
2 vulnerabilities by lsegal
CVE-2026-41493 (GCVE-0-2026-41493)
Vulnerability from cvelistv5 – Published: 2026-05-08 13:13 – Updated: 2026-05-08 21:27
VLAI
Title
yard: Possible arbitrary path traversal and file access via yard server
Summary
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/lsegal/yard/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/lsegal/yard/releases/tag/v0.9.42 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T14:15:08.883899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T21:27:41.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "yard",
"vendor": "lsegal",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:13:49.232Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lsegal/yard/security/advisories/GHSA-3jfp-46x4-xgfj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lsegal/yard/security/advisories/GHSA-3jfp-46x4-xgfj"
},
{
"name": "https://github.com/lsegal/yard/releases/tag/v0.9.42",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lsegal/yard/releases/tag/v0.9.42"
}
],
"source": {
"advisory": "GHSA-3jfp-46x4-xgfj",
"discovery": "UNKNOWN"
},
"title": "yard: Possible arbitrary path traversal and file access via yard server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41493",
"datePublished": "2026-05-08T13:13:49.232Z",
"dateReserved": "2026-04-20T16:14:19.008Z",
"dateUpdated": "2026-05-08T21:27:41.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27285 (GCVE-0-2024-27285)
Vulnerability from cvelistv5 – Published: 2024-02-28 19:22 – Updated: 2025-02-13 17:46
VLAI
Title
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Summary
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/lsegal/yard/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/lsegal/yard/pull/1538 | x_refsource_MISC |
| https://github.com/lsegal/yard/commit/1fcb2d8b316… | x_refsource_MISC |
| https://github.com/lsegal/yard/commit/2069e2bf082… | x_refsource_MISC |
| https://github.com/rubysec/ruby-advisory-db/blob/… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2024… | |
| https://lists.fedoraproject.org/archives/list/pac… |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:28:00.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc"
},
{
"name": "https://github.com/lsegal/yard/pull/1538",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lsegal/yard/pull/1538"
},
{
"name": "https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa"
},
{
"name": "https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be"
},
{
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yardoc:yard:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "yard",
"vendor": "yardoc",
"versions": [
{
"status": "affected",
"version": "0.9.36"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27285",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T20:48:49.252393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:08:36.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "yard",
"vendor": "lsegal",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.36"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "YARD is a Ruby Documentation tool. The \"frames.html\" file within the Yard Doc\u0027s generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the \"frames.erb\" template file. This vulnerability is fixed in 0.9.36."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-21T02:06:28.560Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc"
},
{
"name": "https://github.com/lsegal/yard/pull/1538",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lsegal/yard/pull/1538"
},
{
"name": "https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa"
},
{
"name": "https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be"
},
{
"name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA/"
}
],
"source": {
"advisory": "GHSA-8mq4-9jjh-9xrc",
"discovery": "UNKNOWN"
},
"title": "YARD\u0027s default template vulnerable to Cross-site Scripting in generated frames.html"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-27285",
"datePublished": "2024-02-28T19:22:15.026Z",
"dateReserved": "2024-02-22T18:08:38.872Z",
"dateUpdated": "2025-02-13T17:46:21.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}