lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "yard", "binary_version": "0.8.7.6+git20160220-3ubuntu0.1~esm1" }, { "binary_name": "yard-doc", "binary_version": "0.8.7.6+git20160220-3ubuntu0.1~esm1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "yard", "binary_version": "0.9.12-2" }, { "binary_name": "yard-doc", "binary_version": "0.9.12-2" } ] }