4 matches found
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
CVE-2018-12563
CVE-2018-12563 (Linaro LAVA) affects LAVA prior to 2018.5.post1. The issue arises from the system’s handling of file: URLs, allowing a user to coerce lava-server-gunicorn to download any file from the filesystem that is readable by lavaserver and presented as valid YAML. This constitutes an arbit...
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...