Linaro Limited Linaro Automated Validation Architecture (LAVA) 2022.03

CPE Details

Linaro Limited Linaro Automated Validation Architecture (LAVA) 2022.03
linaro
lava
2022.03
2022-10-14
15h27 +00:00
2022-10-14
16h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:linaro:lava:2022.03:*:*:*:*:*:*:*

Informations

Vendor

linaro

Product

lava

Version

2022.03

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-44641 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
6.5
Medium
CVE-2022-45132 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
9.8
Critical
CVE-2022-42902 2022-10-12 22h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
8.8
High