PT-2022-27274 · Linaro · Lava

Igor Ponomarev · Published 2022-11-18 · Updated 2023-02-01 · CVE-2022-44641

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linaro Automated Validation Architecture (LAVA) versions prior to 2022.11

Description

The issue allows users with valid credentials to submit crafted XMLRPC requests, causing a recursive XML entity expansion. This leads to excessive use of memory on the server and results in a Denial of Service.

Recommendations

For versions prior to 2022.11, update to version 2022.11 or later to resolve the issue. As a temporary workaround, consider restricting access to XMLRPC requests until a patch is applied.
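
One way a Python XML-RPC endpoint can refuse requests that declare a DTD or entities before they reach the XML-RPC parser is shown below. This is an added example, not LAVA's fix and not code from this advisory; the function names, the method name example.echo, the 1 MiB size cap and both sample bodies are assumptions constructed for illustration.

```python
import xmlrpc.client
from xml.parsers import expat

MAX_BODY_BYTES = 1024 * 1024  # assumed cap; tune per deployment


class ForbiddenXML(ValueError):
    """The request body is oversized, malformed, or declares a DTD/entity."""


def check_xmlrpc_body(body: bytes) -> None:
    """Raise ForbiddenXML unless body is plain XML with no DOCTYPE or entities."""
    if len(body) > MAX_BODY_BYTES:
        raise ForbiddenXML("request body too large")

    def deny_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration not allowed")

    def deny_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration not allowed: %s" % name)

    parser = expat.ParserCreate()
    # XML-RPC needs no DTD, so any declaration is refused outright.
    parser.StartDoctypeDeclHandler = deny_doctype
    parser.EntityDeclHandler = deny_entity
    try:
        parser.Parse(body, True)  # an exception raised in a handler propagates
    except expat.ExpatError as exc:
        raise ForbiddenXML("malformed XML: %s" % exc) from exc


def safe_loads(body: bytes):
    """Validate first, then decode; returns (params, method_name)."""
    check_xmlrpc_body(body)
    return xmlrpc.client.loads(body)


# Constructed sample: an ordinary request.
BENIGN = xmlrpc.client.dumps(("hello",), "example.echo").encode()

# Constructed sample: one small, non-recursive entity, enough to trip the guard.
WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE methodCall [<!ENTITY a "x">]>'
    b"<methodCall><methodName>example.echo</methodName><params><param>"
    b"<value><string>&a;</string></value></param></params></methodCall>"
)
```
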

Fix

DoS

XML Entity Expansion

Weakness Enumeration

Related Identifiers

CVE-2022-44641
DLA-3276-1
DSA-5318-1

Affected Products

Lava