yaws

Description: Web server for dynamic content
Version: 2.0.8-1 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1228 | 2.0.7-2 | | High | Vulnerable | |
| AVG-1161 | 2.0.7-2 | | Medium | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-24916 | AVG-1228 | High | Yes | Arbitrary command execution | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. |
| CVE-2020-24379 | AVG-1228 | High | Yes | Information disclosure | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. |
| CVE-2020-12872 | AVG-1161 | Medium | Yes | Information disclosure | yaws_config.erl in Yaws through 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. |