CVE-2020-24379 log

Source
Severity High
Remote Yes
Type Information disclosure
Description
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Group Package Affected Fixed Severity Status Ticket
AVG-1228 yaws 2.0.7-2 High Vulnerable
References
https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html
https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
https://github.com/vulnbe/poc-yaws-dav-xxe
https://vuln.be/post/yaws-xxe-and-shell-injections/