It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host.
0.8.7.6+git20160220-3ubuntu0.1~esm20.9.12-2ubuntu0.1~esm20.9.24-1+deb11u1ubuntu0.1~esm10.9.26-1ubuntu0.1+esm10.9.36-1ubuntu0.1~esm10.9.38-1ubuntu0.1~esm1