Directory traversal vulnerability in Yaws 1.89 allows remote malicious users to read arbitrary files via ..\ (dot dot backslash) and other sequences.
yaws yaws 1.89