CVE-2022-44641 Information

Description

In Linaro Automated Validation Architecture (LAVA) before 2022.11 users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion leading to excessive use of memory on the server and a Denial of Service.

Reference

https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/