{"url":"http://public2.vulnerablecode.io/api/packages/100885?format=json","purl":"pkg:deb/debian/lava@2022.10-1?distro=sid","type":"deb","namespace":"debian","name":"lava","version":"2022.10-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2023.01-1","latest_non_vulnerable_version":"2026.05-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75182?format=json","vulnerability_id":"VCID-egqn-me48-ybbh","summary":"In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42902","reference_id":"","reference_type":"","scores":[{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.70134","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0098","scoring_system":"epss","scoring_elements":"0.77134","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0098","scoring_system":"epss","scoring_elements":"0.77143","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0098","scoring_system":"epss","scoring_elements":"0.77155","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0161","scoring_system":"epss","scoring_elements":"0.82097","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42902"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021737","reference_id":"1021737","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021737"},{"reference_url":"https://git.lavasoftware.org/lava/lava/-/merge_requests/1834","reference_id":"1834","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-15T16:20:03Z/"}],"url":"https://git.lavasoftware.org/lava/lava/-/merge_requests/1834"},{"reference_url":"https://www.debian.org/security/2022/dsa-5260","reference_id":"dsa-5260","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-15T16:20:03Z/"}],"url":"https://www.debian.org/security/2022/dsa-5260"},{"reference_url":"https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834","reference_id":"e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-15T16:20:03Z/"}],"url":"https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-15T16:20:03Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00019.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100886?format=json","purl":"pkg:deb/debian/lava@2020.12-5%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lava@2020.12-5%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/100883?format=json","purl":"pkg:deb/debian/lava@2020.12-5%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lava@2020.12-5%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/100885?format=json","purl":"pkg:deb/debian/lava@2022.10-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lava@2022.10-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/100881?format=json","purl":"pkg:deb/debian/lava@2023.01-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lava@2023.01-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/100884?format=json","purl":"pkg:deb/debian/lava@2026.04-7?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lava@2026.04-7%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/304772?format=json","purl":"pkg:deb/debian/lava@2026.05-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lava@2026.05-2%3Fdistro=sid"}],"aliases":["CVE-2022-42902"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egqn-me48-ybbh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lava@2022.10-1%3Fdistro=sid"}