CVSS v3.x: 7.5 (High)
CVSS v2.0: 5.0 (Medium)
- >= 0.9.20
A path traversal vulnerability was discovered in YARD <= 0.9.19 when using
yard server to serve documentation. This bug would allow unsanitized HTTP
requests to access arbitrary files on the machine of a yard server host under
The issue is resolved in v0.9.20 and later.