admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-12-14 20:08:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2017/CVE-2017-17042.md
0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00

660 B
Raw Blame History

CVE-2017-17042

Description

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

POC

Reference

No PoCs from references.

Github