Description

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/11/21/1

https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l

Related Vulnerabilities

CVE-2020-2174 Vulnerability in maven package org.jenkins-ci.plugins:awseb-deployment-plugin

CVE-2018-1000420 Vulnerability in maven package org.jenkins-ci.plugins:mesos

CVE-2021-39157 Vulnerability in npm package detect-character-encoding

CVE-2023-25766 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2022-24429 Vulnerability in npm package convert-svg-core

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Issue Tracking Vendor Advisory NVD-CWE-noinfo