Linaro Limited Linaro Automated Validation Architecture (LAVA) 2020.08

CPE Details

Linaro Limited Linaro Automated Validation Architecture (LAVA) 2020.08
linaro
lava
2020.08
2022-10-14
15h29 +00:00
2022-10-14
16h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:linaro:lava:2020.08:*:*:*:*:*:*:*

Informations

Vendor

linaro

Product

lava

Version

2020.08

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-44641 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
6.5
Medium
CVE-2022-45132 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
9.8
Critical
CVE-2022-42902 2022-10-12 22h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
8.8
High