EUVD-2018-4524

Malware in sbrugna...

LAVA 代码注入漏洞

LAVA is a continuous integration system from LAVA open source. It is used to deploy operating systems to physical and virtual hardware to run tests. A security vulnerability exists in versions of LAVA prior to 2022.11.1 that stems from its REST API endpoint for validating device profiles loading...

LAVA 安全漏洞

LAVA is a continuous integration system from LAVA open source. It is used to deploy operating systems to physical and virtual hardware to run tests. A security vulnerability exists in LAVA versions prior to 2022.10, which stems from improper input cleanup and dynamic code execution in...

PT-2022-26653 · Linaro · Lava

Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture LAVA versions prior to 2022.10 Description: The issue is related to dynamic code execution in lava server/lavatable.py due to improper input sanitization. This allows an anonymous user to force the...

DEBIAN-CVE-2018-12563

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...