QwikSec

Security Database

CVE

CWE

Training

CVE-2022-42902

Published: Oct 13, 2022

Modified: May 15, 2025

PUBLISHED

Description

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.lavasoftware.org/lava/lava/-/merge_requests/1834

https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834

vendor-advisory

[debian-lts-announce] 20221117 [SECURITY] [DLA 3192-1] lava security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.