VulnerableCode Package Details - pkg:deb/debian/yard@0.9.7-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/yard@0.9.7-1

Essentials
History (3)

purl	pkg:deb/debian/yard@0.9.7-1

Next non-vulnerable version	0.9.24-1+deb11u1
Latest non-vulnerable version	0.9.24-1+deb11u1
Risk	4.0

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-4fgr-usag-z7dm Aliases: CVE-2024-27285 GHSA-8mq4-9jjh-9xrc	YARD's default template vulnerable to Cross-site Scripting in generated frames.html The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file.	0.9.24-1+deb11u1 Affected by 0 other vulnerabilities.
VCID-pnw3-qk8w-ayhc Aliases: CVE-2017-17042 GHSA-gj4p-3wh3-2rmf	Directory traversal `lib/yard/core_ext/file.rb` does not block relative paths with an initial `../` sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.	0.9.16-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xkbj-n36y-8bbr Aliases: CVE-2019-1020001 GHSA-xfhh-rx56-rxcr	Arbitrary path traversal and file access via `yard server` A path traversal vulnerability was discovered in YARD <= 0.9.19 when using `yard server` to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The issue is resolved in v0.9.20 and later.	0.9.24-1+deb11u1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T08:42:47.749982+00:00	Debian Oval Importer	Affected by	VCID-4fgr-usag-z7dm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T01:21:20.751069+00:00	Debian Oval Importer	Affected by	VCID-pnw3-qk8w-ayhc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T00:20:36.476036+00:00	Debian Oval Importer	Affected by	VCID-xkbj-n36y-8bbr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0