CVE-2020-24916 log

Source
Severity High
Remote Yes
Type Arbitrary command execution
Description
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Group Package Affected Fixed Severity Status Ticket
AVG-1228 yaws 2.0.7-2 High Vulnerable
References
https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
https://github.com/vulnbe/poc-yaws-cgi-shell-injection
https://vuln.be/post/yaws-xxe-and-shell-injections/