CVE-2022-45470: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

November 21, 2022 (updated November 22, 2022)

** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

References

www.openwall.com/lists/oss-security/2022/11/21/1
github.com/advisories/GHSA-4wfh-48v4-3r84
lists.apache.org/thread/ztvoshd4kxvp5vlro52mpgpfxct4ft8l
nvd.nist.gov/vuln/detail/CVE-2022-45470

Detect and mitigate CVE-2022-45470 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →