Dynamic Code Execution Vulnerability in LAVA Server's lavatable.py

Dynamic Code Execution Vulnerability in LAVA Server's lavatable.py

CVE-2022-42902 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

Learn more about our Cis Benchmark Audit For Server Software.