CVE-2018-12565

Опубликовано: 19 июн. 2018

Источник: debian

EPSS Низкий

Описание

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
lava	fixed	2018.5.post1-1		package
lava-server	removed			package
lava-server	not-affected		jessie	package

Примечания

https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14

EPSS

Процентиль: 85%

0.025

Низкий

Связанные уязвимости

CVE-2018-12565

CVSS3: 8.8

ubuntu

больше 7 лет назад

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.

CVE-2018-12565

CVSS3: 8.8

nvd

больше 7 лет назад

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.

GHSA-7j9p-5m8p-c6xp

CVSS3: 8.8

github

больше 3 лет назад

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.

EPSS

Процентиль: 85%

0.025

Низкий