Описание
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 2023.01-2 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | not-affected | 2023.01-2 |
| trusty | ignored | end of standard support |
| upstream | released | 2022.10-1 |
| xenial | ignored | end of standard support |
Показывать по
8.8 High
CVSS3
Связанные уязвимости
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
8.8 High
CVSS3