CVE-2022-45470

high

Description

missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

References

https://lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l

http://www.openwall.com/lists/oss-security/2022/11/21/1

Details

Source: Mitre, NVD

Published: 2022-11-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00217