---

CVE-2020-24379 - log back

CVE-2020-24379 edited at 10 Sep 2020 13:31:25
References	https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c + https://github.com/vulnbe/poc-yaws-dav-xxe https://vuln.be/post/yaws-xxe-and-shell-injections/

CVE-2020-24379 edited at 10 Sep 2020 13:30:33
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure

CVE-2020-24379 edited at 10 Sep 2020 13:29:58
Description	+ WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
References	+ https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html + https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c + https://vuln.be/post/yaws-xxe-and-shell-injections/

CVE-2020-24379 created at 10 Sep 2020 13:29:00
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes