Description

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

Remediation

References

https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l

http://www.openwall.com/lists/oss-security/2022/11/21/1

Related Vulnerabilities

CVE-2023-28155 Vulnerability in maven package org.webjars.npm:request

CVE-2023-30543 Vulnerability in npm package @web3-react/walletconnect

CVE-2019-12041 Vulnerability in maven package org.webjars.bower:remarkable

CVE-2017-18214 Vulnerability in maven package org.webjars.bower:moment

CVE-2023-29528 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Mailing List Vendor Advisory Third Party Advisory