In Linaro Automated Validation Architecture (LAVA) prior to 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linaro lava |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |