Loren Segal

4 exploits Active since Jul 2015
CVE-2026-49342 WRITEUP MEDIUM WRITEUP
YARD static cache reads raw traversal paths before router sanitization
YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as `/../yard-cache-secret.html` is joined against that root and can return a readable sibling `.html` file outside the intended static tree. Version 0.9.44 patches the issue.
CVSS 5.3
CVE-2015-5147 WRITEUP WRITEUP
Redcarpet < 3.3.2 - Stack-Based Buffer Overflow in HTML Renderer
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2017-17042 WRITEUP HIGH WRITEUP
YARD < 0.9.11 - Path Traversal via Relative Path Handling
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
CVSS 7.5
CVE-2024-27285 WRITEUP MEDIUM WRITEUP
yard < 0.9.36 - Cross-Site Scripting in frames.erb Template
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
CVSS 5.4