Description
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/11/21/1
https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l
Related Vulnerabilities
CVE-2022-36921 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2023-37959 Vulnerability in maven package org.jenkins-ci.plugins:sumologic-publisher
CVE-2021-25930 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2019-14772 Vulnerability in npm package verdaccio
CVE-2017-7681 Vulnerability in maven package org.apache.openmeetings:openmeetings-server