SecuritySpace - CVE-2017-17042

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2017-17042

Description: lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

Test IDs: 1.3.6.1.4.1.25623.1.0.851812 1.3.6.1.4.1.25623.1.0.873912 1.3.6.1.4.1.25623.1.0.873899 1.3.6.1.4.1.25623.1.0.873910

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-17042

CVE ID:	CVE-2017-17042
Description:	lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
Test IDs:	1.3.6.1.4.1.25623.1.0.851812 1.3.6.1.4.1.25623.1.0.873912 1.3.6.1.4.1.25623.1.0.873899 1.3.6.1.4.1.25623.1.0.873910
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2017-17042