Yard · CVE-2019-1020001
Name of the Vulnerable Software and Affected Versions:
yard versions prior to 0.9.20
Description:
A path traversal issue was discovered in yard when using `yard server` to serve documentation, allowing unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions.
Recommendations:
For versions prior to 0.9.20, upgrade to YARD v0.9.20 immediately if you are relying on yard server to host documentation in any untrusted environments.
As a temporary workaround for users who cannot upgrade, perform path sanitization of HTTP requests at the webserver level, for example by serving through WEBrick with `yard server -s webrick`, or by applying rules in your webserver configuration, to minimize the risk of exploitation.
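As an added illustration of the request-path sanitization the workaround above asks for (this is example code written here, not YARD's own implementation or its fix; `safe_doc_path` and the `/srv/docs` root are hypothetical), a Ruby check that resolves a request path against the documentation root and refuses anything that would escape it:

```ruby
require "pathname"

# Hypothetical helper (added example, not YARD's code).
# root:         absolute directory the server may read from
# request_path: raw path component of the HTTP request (may be percent-encoded)
# Returns the absolute path to serve, or nil if the request must be rejected.
def safe_doc_path(root, request_path)
  # Work on the path only; drop any query string.
  raw = request_path.to_s.split("?", 2).first.to_s
  # Percent-decode exactly once, byte-wise, so "%2e%2e" becomes "..".
  decoded = raw.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
                .force_encoding(Encoding::UTF_8)
  # Any "%" left after one decode is a double-encoded sequence: reject.
  return nil if decoded.include?("%")
  # NUL bytes can truncate paths in lower-level file APIs: reject.
  return nil if decoded.include?("\0")
  # Backslashes act as separators on Windows; treat them as hostile everywhere.
  return nil if decoded.include?("\\")

  root_path = Pathname.new(root).expand_path
  # Join under the root and normalise "." / ".." segments lexically
  # (expand_path does not touch the filesystem, so this works offline).
  candidate = Pathname.new(File.join(root_path.to_s, decoded)).expand_path

  # Accept only the root itself or something strictly inside it. The trailing
  # separator stops "/srv/docs2" from passing as a prefix of "/srv/docs".
  inside = candidate == root_path ||
           candidate.to_s.start_with?(root_path.to_s + File::SEPARATOR)
  inside ? candidate.to_s : nil
end
```

This check is purely lexical; where the documentation tree may contain symlinks, resolve the returned path with `Pathname#realpath` and repeat the containment test before opening the file.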