CVE-2022-45470
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Hama | 1.7.1 < Apache Hama* | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l
- http://www.openwall.com/lists/oss-security/2022/11/21/1
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l
- http://www.openwall.com/lists/oss-security/2022/11/21/1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.