| Summary | YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42. |
|---|---|
| Publication Date | May 8, 2026, 11:16 p.m. |
| Registration Date | May 9, 2026, 4:12 a.m. |
| Last Update | May 9, 2026, 1:02 a.m. |