Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
debian_linux | eq | 9.0 | |
debian_linux | eq | 10.0 | |
yaws | eq | 1.91 |