CVE-2022-45470
HIGHApache Hama < 1.7.1 - Path Traversal and Cross-Site Scripting
Title source: llmDescription
missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
References (2)
Core 2
Core References
Issue Tracking, Mailing List, Vendor Advisory
https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/21/1
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (2)
apache/hama
< 1.7.1
org.apache.hama/hama-core
0Maven
Published
Nov 21, 2022
Tracked Since
Feb 18, 2026