CVE-2019-1020001

Опубликовано: 27 июн. 2019

Источник: redhat

CVSS3: 8.8

Описание

yard before 0.9.20 allows path traversal.

A path traversal vulnerability was found in rubygem-yard when using a yard server to serve documentation. This issue allows unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat OpenStack Platform 16.1	puppet-dns	Not affected
Red Hat OpenStack Platform 16.2	puppet-dns	Not affected
Red Hat Satellite 6	foreman-installer	Not affected
Red Hat Satellite 6	puppet-agent-yard	Not affected
Red Hat Satellite 6	satellite-capsule:el8/foreman-installer	Not affected
Red Hat Satellite 6	satellite:el8/foreman-installer	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-22

https://bugzilla.redhat.com/show_bug.cgi?id=2294730rubygem-yard: Arbitrary path traversal and file access in yard server

8.8 High

CVSS3

Связанные уязвимости

CVE-2019-1020001

CVSS3: 7.5

ubuntu

больше 6 лет назад

yard before 0.9.20 allows path traversal.

CVE-2019-1020001

CVSS3: 7.5

nvd

больше 6 лет назад

yard before 0.9.20 allows path traversal.

CVE-2019-1020001

CVSS3: 7.5

debian

больше 6 лет назад

yard before 0.9.20 allows path traversal.

GHSA-xfhh-rx56-rxcr

CVSS3: 7.5

github

больше 6 лет назад

Path Traversal vulnerability that affects yard

8.8 High

CVSS3