{"id":"CVE-2020-12872","details":"yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.","modified":"2026-03-19T12:39:39.208954Z","published":"2020-05-15T19:15:12.087Z","references":[{"type":"WEB","url":"https://medium.com/%40charlielabs101/cve-2020-12872-df315411aa70"},{"type":"ADVISORY","url":"https://github.com/erlyaws/yaws/releases"},{"type":"ADVISORY","url":"https://sweet32.info/"},{"type":"REPORT","url":"https://github.com/erlyaws/yaws/issues/402"},{"type":"EVIDENCE","url":"https://github.com/erlyaws/yaws/blob/c0fd79f17d52628fcec527da7fa3e788c283c445/src/yaws_config.erl#L2068-L2075"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/erlyaws/yaws","events":[{"introduced":"9ec143595747edee4b500944adb7388632987917"},{"last_affected":"3df60e25a0caef8592d15ca16db464da0c61972a"}],"database_specific":{"versions":[{"introduced":"2.0.2"},{"last_affected":"2.0.6"}]}}],"versions":["yaws-2.0.2","yaws-2.0.3","yaws-2.0.4","yaws-2.0.5","yaws-2.0.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12872.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}