title: Arbitrary path traversal and file access via `yard server`
description: "A path traversal vulnerability was discovered in YARD <= 0.9.19 when
using \n`yard server` to serve documentation. This bug would allow unsanitized HTTP\nrequests
to access arbitrary files on the machine of a yard server host under\ncertain conditions.\n\nThe
issue is resolved in v0.9.20 and later.\n"
- ">= 0.9.20"