Description
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/11/21/1
https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l