Description
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
Remediation
References
https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l
http://www.openwall.com/lists/oss-security/2022/11/21/1
Related Vulnerabilities
CVE-2022-38750 Vulnerability in maven package org.yaml:snakeyaml
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-cdc-mysql-processors
CVE-2022-25979 Vulnerability in npm package jsuites
CVE-2020-14968 Vulnerability in maven package org.webjars.bower:jsrsasign
CVE-2023-34467 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livetable-ui