CGA-vwg3-f39p-vhq9

Published

Last updated

https://images.chainguard.dev/security/CGA-vwg3-f39p-vhq9

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

CVE-2022-4244
GHSA-g6ph-x5wf-g337

Severity

Unknown

Summary

plexus-codehaus vulnerable to directory traversal

Description

A flaw was found in plexus-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with dot-dot-slash (../) sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-4244
https://github.com/advisories/GHSA-g6ph-x5wf-g337
https://github.com/codehaus-plexus/plexus-utils/issues/4
https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef
https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3906
https://access.redhat.com/security/cve/CVE-2022-4244
https://bugzilla.redhat.com/show_bug.cgi?id=2149841
https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-vwg3-f39p-vhq9

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources