Description

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

Remediation

References

http://www.openwall.com/lists/oss-security/2022/11/21/1

https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l

Related Vulnerabilities

CVE-2020-1948 Vulnerability in maven package org.apache.dubbo:dubbo-rpc-dubbo

CVE-2021-21290 Vulnerability in maven package io.netty:netty-transport-native-unix-common-tests

CVE-2019-19771 Vulnerability in npm package bitconijs-lib

CVE-2020-2291 Vulnerability in maven package org.jenkins-ci.plugins:couchdb-statistics

CVE-2022-37262 Vulnerability in npm package steal

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Mailing List Third Party Advisory Issue Tracking Vendor Advisory NVD-CWE-noinfo