
CVE-2022-45470: Cross-site Scripting in Apache Hama

CVSS Score: 7.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.44375%
Published: 11/21/2022
Updated: 2/3/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name              | Ecosystem | Vulnerable Versions | First Patched Version
org.apache.hama:hama-core | maven     | <= 0.7.1            | (none)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided vulnerability descriptions and references indicate missing input validation leading to XSS and path traversal, but no specific code examples, commit diffs, or function names are disclosed in the available sources. The Apache Hama project is EOL, and the advisory explicitly states no patches exist. While the CWEs (20 and 79) suggest general areas of concern (input handling and output encoding in web interfaces), the lack of technical details about the affected endpoints, parameters, or code paths in the advisory, NVD entry, or linked resources makes it impossible to identify specific vulnerable functions with high confidence. The Apache mailing list link returns no content, and the Openwall post only repeats the advisory summary.

WAF Protection Rules

WAF Rule

Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
