Описание
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| yard | fixed | 0.9.36-1 | package |
Примечания
https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
Fixed by: https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4 (v0.9.35)
Followup: https://github.com/lsegal/yard/commit/c88406e4b78f8dd4ba38c79eea0bcec716dbbef8 (v0.9.36)
Followup: https://github.com/lsegal/yard/commit/2a0b9990b64ceeeb0456177c593e36e204a06df1 (v0.9.36)
Followup: https://github.com/lsegal/yard/commit/a831a596b2a7cabdd2e17855dd179af2ebf3d559 (v0.9.36)
EPSS
Связанные уязвимости
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
EPSS