In Linaro Automated Validation Architecture (LAVA) prior to 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linaro lava |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |