Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 28/02/2024 Updated: 21/03/2024

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.

Debian Bug report logs - #1065118 yard: CVE-2024-27285 Package: src:yard; Maintainer for src:yard is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 29 Feb 2024 21:57:01 UTC Severity: important Tags: security, upstream Found in ...

https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be https://github.com/lsegal/yard/pull/1538 https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065118 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-27285

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect