CVE-2022-45132 Lava before 2022.11.1 has a Jinja2 remote code execution vulnerability.

This issue has been corrected in LAVA server before 2022.11.1. In order to prevent such occurrences, we highly recommend that input validation be implemented on all components of your software stack, as well as other systems that receive configuration data.

CVE-2018-2430

An input validation vulnerability in BIND affecting Windows, Linux, and macOS has been discovered.

This vulnerability was disclosed on 2018-06-25 and fixed in LAVA before 2022.11.1.

To prevent such occurrences, we highly recommend that input validation be implemented on all components of your software stack, as well as other systems that receive configuration data.

Potential Impact

This vulnerability allows attackers to cause a crash of the system by sending a maliciously crafted configuration file with a corrupted XML value. This is only one instance of an XML-based vulnerability in the stack, and therefore, we recommend that input validation be implemented on all components of your software stack as well as other systems that receive configuration data.

Things to Note:
1. The LAVA server has been corrected before 2022.11.1
2. It's recommended to implement input validation on all components of your software stack
