---

CVE-2020-24916 - log back

CVE-2020-24916 edited at 10 Sep 2020 13:30:48
References	https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1 https://github.com/vulnbe/poc-yaws-cgi-shell-injection + https://vuln.be/post/yaws-xxe-and-shell-injections/

CVE-2020-24916 edited at 10 Sep 2020 13:28:46
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary command execution
Description	+ CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
References	+ https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1 + https://github.com/vulnbe/poc-yaws-cgi-shell-injection
Notes

CVE-2020-24916 created at 10 Sep 2020 13:27:49