CVE-2016-1000108
CVE-2016-1000108 affects yaws before 2.0.4. The vulnerability stems from not addressing RFC 3875 section 4.1.18 namespace conflicts, leaving CGI applications exposed to untrusted client data in the HTTP_PROXY environment variable. An attacker could cause a CGI application's outbound HTTP traffic ...