CVE-2018-12564
19.06.2018, 05:29
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.Enginsight
Vendor | Product | Version |
---|---|---|
linaro | lava | 𝑥 < 2018.5.post1 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Common Weakness Enumeration
References