YARD could be made to expose sensitive information over the network.
Software Description:
- yard: A documentation generation tool for the Ruby programming language
Details:
It was discovered that YARD incorrectly sanitized paths in its built-in
documentation server. An attacker could possibly use this issue to read arbitrary
files from the server host.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
yard 0.9.38-1ubuntu0.1~esm1
Available with Ubuntu Pro
yard-doc 0.9.38-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 24.04 LTS
yard 0.9.36-1ubuntu0.1~esm1
Available with Ubuntu Pro
yard-doc 0.9.36-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
yard 0.9.26-1ubuntu0.1+esm1
Available with Ubuntu Pro
yard-doc 0.9.26-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
yard 0.9.24-1+deb11u1ubuntu0.1~esm1
Available with Ubuntu Pro
yard-doc 0.9.24-1+deb11u1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
yard 0.9.12-2ubuntu0.1~esm2
Available with Ubuntu Pro
yard-doc 0.9.12-2ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
yard 0.8.7.6+git20160220-3ubuntu0.1~esm2
Available with Ubuntu Pro
yard-doc 0.8.7.6+git20160220-3ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8394-1
CVE-2026-41493
Get the latest Linux and open source security news straight to your inbox.