CVE-2022-45470 – org.apache.hama:hama-core

Package

Manager: maven
Name: org.apache.hama:hama-core
Vulnerable Version: >=0 <=0.7.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00235 pctl0.46357

Details

Cross-site Scripting in Apache Hama Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

Metadata

Created: 2022-11-21T18:30:38Z
Modified: 2022-11-23T18:46:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-4wfh-48v4-3r84/GHSA-4wfh-48v4-3r84.json
CWE IDs: ["CWE-20", "CWE-79"]
Alternative ID: GHSA-4wfh-48v4-3r84
Finding: F008
Auto approve: 1