CVE-2022-45470 Vulnerability in maven package org.apache.hama:hama-core

Description

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/11/21/1

https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l

Related Vulnerabilities

CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-components

CVE-2020-7793 Vulnerability in npm package ua-parser-js

CVE-2023-25768 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2022-31160 Vulnerability in maven package org.webjars:jquery-ui

CVE-2021-33605 Vulnerability in maven package com.vaadin:vaadin-checkbox-flow

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N