First published: Tue Nov 26 2019(Updated: )
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Yaws Yaws | =1.91 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/yaws | 2.0.8+dfsg-3 2.1.1+dfsg-2 2.2.0+dfsg-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.