Advisories for Gem/Yard package

2026

YARD static cache reads raw traversal paths before router sanitization

YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joined against that root and can return a readable sibling .html file outside the intended static tree. The potential security risk seems low, as only html-ending files can be read, but still the risk of reading arbitrary html files is …

2024
2019
2017

Directory traversal

lib/yard/core_ext/file.rb does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

2013

Cross-site Scripting

This package is vulnerable to Cross-site Scripting (XSS). Strings parsed from the anchor in the address bar were not sanitized, allowing for arbitrary HTML to be embedded into the page.