3 matches found
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-45132
CVE-2022-45132 affects LAVA (Linaro Automated Validation Architecture) prior to 2022.11.1. The REST API endpoint that validates device configuration files loads user input as a Jinja2 template, enabling remote code execution on the LAVA server via a crafted template. Affected component: lava-serv...