AVG-1228 log

Package yaws
Status Vulnerable
Severity High
Type multiple issues
Affected 2.0.7-2
Fixed Unknown
Current 2.0.8-1 [community]
Created Thu Sep 10 13:27:49 2020

Issue CVE-2020-24916
Severity High
Remote Yes
Type Arbitrary command execution
Description CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.

Issue CVE-2020-24379
Severity High
Remote Yes
Type Information disclosure
Description WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.

References
https://github.com/erlyaws/yaws/releases/tag/yaws-2.0.8
https://vuln.be/post/yaws-xxe-and-shell-injections/