USN-4569-1: Yaws vulnerabilities

It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity (XXE) injection attack. (CVE-2020-24379) It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands. (CVE-2020-24916)