Lucene search
PRIOn knowledge basePRION:CVE-2022-42902HistoryOct 13, 2022 - 3:15 a.m.
Input validation
2022-10-1303:15:00
PRIOn knowledge base
www.prio-n.com
8
linaro automated validation architecture
lava
input validation
dynamic code execution
improper input sanitization
anonymous user
lava-server-gunicorn service
nvd
In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| debian_linux | eq | 11.0 | |
| lava | lt | 2022.10 |
Related
nessus
nessus
Debian DSA-5260-1 : lava - security update
2022-10-23 00:00:00
Debian DLA-3192-1 : lava - LTS security update
2022-11-17 00:00:00
osv
osv
lava - security update
2022-10-23 00:00:00
lava - security update
2022-11-17 00:00:00
cve
cve
CVE-2022-42902
2022-10-13 03:15:09
veracode
veracode
Authentication Bypass
2022-11-16 20:34:34
debian
debian
[SECURITY] [DSA 5260-1] lava security update
2022-10-23 18:38:14
[SECURITY] [DLA 3192-1] lava security update
2022-11-17 10:19:09
openvas
openvas
Debian: Security Advisory (DLA-3192-1)
2022-11-18 00:00:00
Debian: Security Advisory (DSA-5260-1)
2022-10-25 00:00:00
debiancve
debiancve
CVE-2022-42902
2022-10-13 03:15:09
nvd
nvd
CVE-2022-42902
2022-10-13 03:15:09
ubuntucve
ubuntucve
CVE-2022-42902
2022-10-13 00:00:00
cvelist
cvelist
CVE-2022-42902
2022-10-13 00:00:00