Lookup for vulnerable packages by Package URL.

Purl pkg:gem/yard@0.5.0
Type gem
Namespace
Name yard
Version 0.5.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.9.36
Latest_non_vulnerable_version 0.9.42
Affected_by_vulnerabilities
0
url VCID-4fgr-usag-z7dm
vulnerability_id VCID-4fgr-usag-z7dm
summary
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27285.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27285.json
1
reference_url https://github.com/lsegal/yard
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard
2
reference_url https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa
3
reference_url https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be
4
reference_url https://github.com/lsegal/yard/pull/1538
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard/pull/1538
5
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065118
reference_id 1065118
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065118
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2267244
reference_id 2267244
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2267244
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27285
reference_id CVE-2024-27285
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27285
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml
reference_id CVE-2024-27285.YML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml
11
reference_url https://github.com/advisories/GHSA-8mq4-9jjh-9xrc
reference_id GHSA-8mq4-9jjh-9xrc
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-8mq4-9jjh-9xrc
12
reference_url https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
reference_id GHSA-8mq4-9jjh-9xrc
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
fixed_packages
0
url pkg:gem/yard@0.9.36
purl pkg:gem/yard@0.9.36
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/yard@0.9.36
aliases CVE-2024-27285, GHSA-8mq4-9jjh-9xrc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fgr-usag-z7dm
1
url VCID-pnw3-qk8w-ayhc
vulnerability_id VCID-pnw3-qk8w-ayhc
summary
Directory traversal
`lib/yard/core_ext/file.rb` does not block relative paths with an initial `../` sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17042.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17042.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-17042
reference_id
reference_type
scores
0
value 0.00409
scoring_system epss
scoring_elements 0.61628
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-17042
2
reference_url https://github.com/advisories/GHSA-gj4p-3wh3-2rmf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-gj4p-3wh3-2rmf
3
reference_url https://github.com/lsegal/yard
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard
4
reference_url https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2017-17042.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2017-17042.yml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1519065
reference_id 1519065
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1519065
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17042
reference_id CVE-2017-17042
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-17042
fixed_packages
0
url pkg:gem/yard@0.9.11
purl pkg:gem/yard@0.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fgr-usag-z7dm
1
vulnerability VCID-xkbj-n36y-8bbr
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/yard@0.9.11
aliases CVE-2017-17042, GHSA-gj4p-3wh3-2rmf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pnw3-qk8w-ayhc
2
url VCID-xkbj-n36y-8bbr
vulnerability_id VCID-xkbj-n36y-8bbr
summary
Arbitrary path traversal and file access via `yard server`
A path traversal vulnerability was discovered in YARD <= 0.9.19 when using
`yard server` to serve documentation. This bug would allow unsanitized HTTP
requests to access arbitrary files on the machine of a yard server host under
certain conditions.

The issue is resolved in v0.9.20 and later.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1020001.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1020001.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1020001
reference_id
reference_type
scores
0
value 0.00246
scoring_system epss
scoring_elements 0.48081
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1020001
2
reference_url https://github.com/advisories/GHSA-xfhh-rx56-rxcr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xfhh-rx56-rxcr
3
reference_url https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/lsegal/yard/security/advisories/GHSA-xfhh-rx56-rxcr
4
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2294730
reference_id 2294730
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2294730
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945369
reference_id 945369
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945369
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1020001
reference_id CVE-2019-1020001
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1020001
fixed_packages
0
url pkg:gem/yard@0.9.20
purl pkg:gem/yard@0.9.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fgr-usag-z7dm
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/yard@0.9.20
aliases CVE-2019-1020001, GHSA-xfhh-rx56-rxcr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xkbj-n36y-8bbr
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/yard@0.5.0