YARD is a Ruby documentation tool. Prior to version 0.9.42, YARD contained a path traversal vulnerability that is reachable when yard server is used to serve documentation. Under certain conditions, the bug allows unsanitized HTTP requests to access arbitrary files on the machine hosting yard server. This issue has been patched in version 0.9.42.
0.9.37-1, 0.8.7.6+git20160220-3, 0.8.7.6+git20160220-3ubuntu0.1~esm1, 0.8.7.6+git20160220-3ubuntu0.1~esm2, 0.8.7.6-1, 0.9.12-1, 0.9.12-1ubuntu3, 0.9.12-2, 0.9.12-2ubuntu0.1~esm1, 0.9.12-2ubuntu0.1~esm2, 0.9.9-1, 0.9.16-1, 0.9.20-1, 0.9.24-1, 0.9.24-1+deb11u1build0.20.04.1, 0.9.24-1+deb11u1ubuntu0.1~esm1, 0.9.24-1, 0.9.26-1, 0.9.26-1ubuntu0.1, 0.9.26-1ubuntu0.1+esm1, 0.9.28-2, 0.9.34-1, 0.9.35-1, 0.9.36-1, 0.9.36-1ubuntu0.1~esm1, 0.9.37-1, 0.9.37-1build1, 0.9.38-1, 0.9.38-1ubuntu0.1~esm1
Exploitability: AV:N AC:L AT:N PR:N UI:N
Vulnerable System: VC:L VI:N VA:N
Subsequent System: SC:N SI:N SA:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N