Lava
by Linaro
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12565 | Hig | 0.57 | 8.8 | 0.02 | Jun 19, 2018 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. | ||
| CVE-2018-12564 | Med | 0.42 | 6.5 | 0.01 | Jun 19, 2018 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. | ||
| CVE-2018-12563 | Med | 0.42 | 6.5 | 0.01 | Jun 19, 2018 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. | ||
| CVE-2022-45132 | 0.00 | — | 0.02 | Nov 18, 2022 | In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be… | |||
| CVE-2022-44641 | 0.00 | — | 0.01 | Nov 18, 2022 | In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | |||
| CVE-2022-42902 | 0.00 | — | 0.01 | Oct 13, 2022 | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. |
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.
- CVE-2022-45132Nov 18, 2022risk 0.00cvss —epss 0.02
In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be…
- CVE-2022-44641Nov 18, 2022risk 0.00cvss —epss 0.01
In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
- CVE-2022-42902Oct 13, 2022risk 0.00cvss —epss 0.01
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.