Linaro Limited Linaro Automated Validation Architecture (LAVA) 2022.10

CPE Details

Linaro Limited Linaro Automated Validation Architecture (LAVA) 2022.10
linaro
lava
2022.10
2022-10-14
15h27 +00:00
2022-10-14
16h07 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:linaro:lava:2022.10:*:*:*:*:*:*:*

Informations

Vendor

linaro

Product

lava

Version

2022.10

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-44641 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
6.5
Moyen
CVE-2022-45132 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
9.8
Critique