PT-2019-6692 · Yaws · Yaws

Jan Lieskovsky · Published 2019-11-26 · Updated 2020-08-18 · CVE-2011-4350

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Yaws version 1.91

Description: Yaws version 1.91 does not correctly process certain URLs, which allows a remote authenticated user to exploit a directory traversal flaw. By sending specially crafted URL requests, such a user can obtain the content of arbitrary local files.

Recommendations: For Yaws version 1.91, consider restricting access to sensitive local files until a patch is available. As a temporary workaround, carefully validate and sanitize all URL requests to prevent directory traversal attacks.

References: Exploit · Fix

Tags: Path traversal


Weakness Enumeration: Path traversal

Related Identifiers: CVE-2011-4350

Affected Products: Yaws