Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was suspectible to denial of service via recursive XML entity expansion.