oss-sec mailing list archives
CVE-2022-45470: Apache Hama allows XSS and information disclosure
From: Arnout Engelen <engelen () apache org>
Date: Mon, 21 Nov 2022 09:31:56 +0000
Description: ** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. Credit: Apache would like to thank QSec-Team for reporting this issue
Current thread:
- CVE-2022-45470: Apache Hama allows XSS and information disclosure Arnout Engelen (Nov 21)