VYPR
Unrated severityNVD Advisory· Published Nov 18, 2022· Updated Apr 30, 2025

CVE-2022-45132

CVE-2022-45132

Description

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linaro/Automated Validation Architecturedescription
  • Linaro/Lavallm-fuzzy
    Range: <2022.11.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.