Source: yard
Version: 0.9.34-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.9.28-2
Control: found -1 0.9.24-1

Hi,

The following vulnerability was published for yard.

CVE-2024-27285[0]:
| YARD is a Ruby Documentation tool. The "frames.html" file within the
| Yard Doc's generated documentation is vulnerable to Cross-Site
| Scripting (XSS) attacks due to inadequate sanitization of user input
| within the JavaScript segment of the "frames.erb" template file.
| This vulnerability is fixed in 0.9.35.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-27285
    https://www.cve.org/CVERecord?id=CVE-2024-27285
[1] https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc
[2] https://github.com/lsegal/yard/commit/d78fc393d603c4fc35975969296ed381146a29d4

Regards,
Salvatore