Linaro Limited Linaro Automated Validation Architecture (LAVA) 2022.01

CPE Details

Linaro Limited Linaro Automated Validation Architecture (LAVA) 2022.01
linaro
lava
2022.01
2022-10-14
15h27 +00:00
2022-10-14
16h07 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:linaro:lava:2022.01:*:*:*:*:*:*:*

Informations

Vendor

linaro

Product

lava

Version

2022.01

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-44641 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
6.5
Moyen
CVE-2022-45132 2022-11-17 23h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.
9.8
Critique
CVE-2022-42902 2022-10-12 22h00 +00:00 In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
8.8
Haute