WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-09-09
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
CVSS Score
9.8
EPSS Score
0.39
Published
2020-09-09
yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-05-15