Severity: Critical
CVSS Score: 9.8
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.