WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
https://packetstormsecurity.com/files/159106/Yaws-2.0.7-XML-Injection-Command-Injection.html https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c https://github.com/vulnbe/poc-yaws-dav-xxe https://vuln.be/post/yaws-xxe-and-shell-injections/