| Release | Version |
|---|---|
| jessie | 1.98-4+deb8u1 |
| stretch | 2.0.4+dfsg-1+deb9u1 |
| buster | 2.0.6+dfsg-1+deb10u1 |
| bullseye | 2.0.8+dfsg-3 |
| bookworm | 2.1.1+dfsg-2 |
| trixie | 2.2.0+dfsg-1 |
| sid | 2.2.0+dfsg-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24916 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ... |
| CVE-2020-24379 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-4495 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Yaws 1.85 writes data to a log file without sanitizing non-printable c ... |
| Bug | Description |
|---|---|
| CVE-2017-10974 | Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Direc ... |
| CVE-2016-1000108 | yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 ... |
| CVE-2011-5025 | Multiple cross-site scripting (XSS) vulnerabilities in the wiki applic ... |
| CVE-2011-4350 | Yaws 1.91 has a directory traversal vulnerability in the way certain U ... |
| CVE-2010-4181 | Directory traversal vulnerability in Yaws 1.89 allows remote attackers ... |
| CVE-2009-0751 | Yaws before 1.80 allows remote attackers to cause a denial of service ... |
| CVE-2005-2008 | Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ... |
| DSA / DLA | Description |
|---|---|
| DSA-4773-1 | yaws - security update |
| DLA-2384-1 | yaws - security update |
| DSA-1740-1 | yaws - denial of service |