CVE-2018-12565
Published: 19 June 2018
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
Priority
CVSS 3 base score: 8.8
Status
Package | Release | Status |
---|---|---|
lava-server Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
artful |
Does not exist
|
|
bionic |
Does not exist
|
|
lava Launchpad, Ubuntu, Debian |
upstream |
Released
(2018.5.post1-1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Does not exist
|
|
artful |
Does not exist
|
|
bionic |
Does not exist
|