CVE-2022-4641

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-4641

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4641.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4641

Published

2022-12-21T22:15:08.823Z

Modified

2026-04-11T23:22:42.073768Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500.

References

Affected packages

Git / github.com/tdunning/pig-vector

Affected ranges

Type: GIT
Repo: https://github.com/tdunning/pig-vector
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15

Type: GIT
Repo: https://github.com/tdunning/pig-vector
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4641.json"

vanir_signatures_modified

"2026-04-11T23:22:42Z"

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "143515481571297682682681524831275971526",
                "155947191244229953898806677281413142802",
                "182759958644615006336757410825902988759",
                "175427448184348757275367984427481073308",
                "234110595223429843417222419283983057909",
                "63349636232109475791067692646332863949",
                "111718293142404984776980339381330187792",
                "226261748934492241956835098037322120895"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2022-4641-13d26dc7",
        "signature_version": "v1",
        "source": "https://github.com/tdunning/pig-vector/commit/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15",
        "target": {
            "file": "src/main/java/org/apache/mahout/pig/LogisticRegression.java"
        }
    },
    {
        "digest": {
            "length": 2774.0,
            "function_hash": "75106117018471472171713404665448851583"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2022-4641-f72b1e40",
        "signature_version": "v1",
        "source": "https://github.com/tdunning/pig-vector/commit/1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15",
        "target": {
            "function": "LogisticRegression",
            "file": "src/main/java/org/apache/mahout/pig/LogisticRegression.java"
        }
    }
]