2018-06-19 05:00:00
mitre
PUBLISHED
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if its readable by lavaserver and valid yaml.