An issue exists in Linaro LAVA prior to 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linaro lava |
||
debian debian linux 9.0 |