CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Max CVSS: 10.0
EPSS Score: 65.95%
Published: 2020-09-09
Updated: 2022-12-06
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Max CVSS: 9.8
EPSS Score: 2.95%
Published: 2020-09-09
Updated: 2022-12-06
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
Max CVSS: 7.5
EPSS Score: 96.16%
Published: 2017-07-07
Updated: 2017-07-14
3 vulnerabilities found