CVSS v3: 7.3
- >= 0.9.20
A path traversal vulnerability was discovered in YARD <= 0.9.19 when using
yard server to serve documentation. This bug would allow unsanitized HTTP
requests to access arbitrary files on the machine of a yard server host under
The issue is resolved in v0.9.20 and later.