Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-17042

Опубликовано: 28 нояб. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:yardoc:yard:*:*:*:*:*:*:*:*
Версия до 0.9.11 (исключая)

EPSS

Процентиль: 54%
0.00313
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2017-17042

CVSS3: 7.5
ubuntu
около 8 лет назад

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

redhat логотип

CVE-2017-17042

CVSS3: 7.5
redhat
около 8 лет назад

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

debian логотип

CVE-2017-17042

CVSS3: 7.5
debian
около 8 лет назад

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...

suse-cvrf логотип

openSUSE-SU-2018:1908-1

suse-cvrf
больше 7 лет назад

Security update for rubygem-yard

suse-cvrf логотип

SUSE-SU-2018:1890-1

suse-cvrf
больше 7 лет назад

Security update for rubygem-yard

EPSS

Процентиль: 54%
0.00313
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22