Description
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
Remediation
References
https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l
http://www.openwall.com/lists/oss-security/2022/11/21/1
Related Vulnerabilities
CVE-2023-26475 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2021-26541 Vulnerability in npm package gitlog
CVE-2022-24794 Vulnerability in npm package express-openid-connect
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-api