Vulnerabilities > Yaws > Yaws > 2.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-09 | CVE-2020-24916 | OS Command Injection vulnerability in multiple products CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | 9.8 |
2020-09-09 | CVE-2020-24379 | XXE vulnerability in multiple products WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | 9.8 |
2020-05-15 | CVE-2020-12872 | Inadequate Encryption Strength vulnerability in Yaws yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0. | 5.5 |