CVE-2017-17042

CVE-2017-17042

lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

Source: CVE-2017-17042

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다