Directory Traversal Vulnerability in YARD Server (CVE-2021-12345)

CVE-2017-17042 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
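
The class of flaw described above, shown as an added Ruby example (not YARD's code): a path normalizer that keeps a leading ../ next to one that discards it, plus a containment check against the served root. The function names and the /srv/docs root are assumptions made for illustration.

```ruby
# Added illustration; hypothetical helpers, not taken from YARD.
SEP = '/'

# Weak form: collapses "a/../b" but keeps any ".." that has nothing left to
# pop, so a path with an initial "../" sequence survives normalization.
def normalize_weak(path)
  path.split(SEP).each_with_object([]) do |comp, acc|
    next if comp.empty? || comp == '.'
    if comp == '..' && !acc.empty? && acc.last != '..'
      acc.pop
    else
      acc << comp
    end
  end.join(SEP)
end

# Hardened form: a ".." with nothing to pop is dropped, so the result can
# never begin with "../".
def normalize_strict(path)
  path.split(SEP).each_with_object([]) do |comp, acc|
    next if comp.empty? || comp == '.'
    if comp == '..'
      acc.pop # no-op on an empty array
    else
      acc << comp
    end
  end.join(SEP)
end

# Second layer: resolve the relative path against the root and confirm the
# absolute result is still inside it before any file is opened.
def contained?(root, relative)
  root = File.expand_path(root)
  full = File.expand_path(relative, root)
  full == root || full.start_with?(root + SEP)
end

# Constructed sample input.
if __FILE__ == $PROGRAM_NAME
  req = '../../etc/passwd'
  [normalize_weak(req), normalize_strict(req)].each do |p|
    puts "#{p.inspect} contained=#{contained?('/srv/docs', p)}"
  end
end
```

The containment check is worth keeping even with the strict normalizer, since it is the last control before the file is read.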
