Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-17042

Опубликовано: 28 нояб. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

0.9.12-2
cosmic

not-affected

0.9.12-2
devel

not-affected

0.9.12-2
disco

not-affected

0.9.12-2
eoan

not-affected

0.9.12-2
esm-apps/bionic

not-affected

0.9.12-2
esm-apps/focal

not-affected

0.9.12-2
esm-apps/jammy

not-affected

0.9.12-2
esm-apps/noble

not-affected

0.9.12-2

Показывать по

Ссылки на источники

EPSS

Процентиль: 54%
0.00313
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-17042

CVSS3: 7.5
redhat
около 8 лет назад

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

nvd логотип

CVE-2017-17042

CVSS3: 7.5
nvd
около 8 лет назад

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

debian логотип

CVE-2017-17042

CVSS3: 7.5
debian
около 8 лет назад

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...

suse-cvrf логотип

openSUSE-SU-2018:1908-1

suse-cvrf
больше 7 лет назад

Security update for rubygem-yard

suse-cvrf логотип

SUSE-SU-2018:1890-1

suse-cvrf
больше 7 лет назад

Security update for rubygem-yard

EPSS

Процентиль: 54%
0.00313
Низкий

5 Medium

CVSS2

7.5 High

CVSS3