rubysec · kallal79 · Mar 31, 2026 · Jun 3, 2026 · Jun 3, 2026 · Jun 3, 2026
diff --git a/gems/guard-livereload/CVE-2016-1000305.yml b/gems/guard-livereload/CVE-2016-1000305.yml
@@ -0,0 +1,31 @@
+---
+gem: guard-livereload
+cve: 2016-1000305
+url: https://github.com/guard/guard-livereload/issues/159
+title: Directory traversal vulnerability in guard-livereload
+date: 2016-12-30
+description: |
+  A directory traversal vulnerability exists in guard-livereload before version 2.5.2.
+  The vulnerability allows remote attackers to read arbitrary files on the server
+  by exploiting improper path validation in the livereload server functionality.
+
+  This vulnerability is related to the handling of file paths in the livereload
+  server component, which could allow an attacker to traverse directories and
+  access files outside the intended web root directory.
+
+  The issue was identified and reported through the DWF (Distributed Weakness Filing)
+  project, which assigns CVE identifiers for security vulnerabilities.
+cvss_v2: 5.0
+cvss_v3: 7.5
+unaffected_versions:
+  - "< 2.5.2"
+patched_versions:
+  - ">= 2.5.2"
+related:
+  url:
+    - https://security.snyk.io/vuln/SNYK-RUBY-GUARDLIVERELOAD-20361
+    - https://github.com/guard/guard-livereload/issues/159
+notes: |
+  This vulnerability was assigned CVE-2016-1000305 by the DWF (Distributed Weakness Filing)
+  project. The gem has not been released after fixing this vulnerability in version 2.5.2.
+  Users should consider migrating to rack-livereload as an alternative.