CVE-2022-45470
Cross-site Scripting in Apache Hama
7.5
HIGH
CVSS 3.1
EPSS 0.24%
Description
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
How to fix CVE-2022-45470
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Maven/org.apache.hama:hama-core—no fix listed
Is CVE-2022-45470 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 0.7.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |