CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. Read more