CVE-2024-27285 Information

Description

YARD is a Ruby Documentation tool. The rames.html\ file within the Yard Doc’s generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the rames.erb\ template file. This vulnerability is fixed in 0.9.35.

Reference

https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be