{"vulnerability": "CVE-2022-42902", "sightings": [{"uuid": "e27fe0ad-ebff-4eb0-ba69-70126e4c5273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42902", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16524", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42902\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.\n\ud83d\udccf Published: 2022-10-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-15T16:20:39.096Z\n\ud83d\udd17 References:\n1. https://git.lavasoftware.org/lava/lava/-/merge_requests/1834\n2. https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834\n3. https://www.debian.org/security/2022/dsa-5260\n4. https://lists.debian.org/debian-lts-announce/2022/11/msg00019.html", "creation_timestamp": "2025-05-15T16:35:18.000000Z"}, {"uuid": "772e0300-dcf1-40fb-88cf-aa38c9ab4630", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42902", "type": "seen", "source": "https://t.me/cibsecurity/51307", "content": "\u203c CVE-2022-42902 \u203c\n\nIn Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T07:27:28.000000Z"}]}