### [CVE-2011-4350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4350)
![](https://img.shields.io/static/v1?label=Product&message=yaws&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.91%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Directory%20Traversal%20(Local%20File%20Inclusion)&color=brighgreen)

### Description

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.

### POC

#### Reference
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4350

#### Github
No PoCs found on GitHub currently.