Severity
Medium
Analysis Summary
CVE-2022-26477
Apache SystemDS is vulnerable to a denial of service, caused by a CPU exhaustion in the termination condition of the for loop in the readExternal method. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-26477
Affected Vendors
- Apache
Affected Products
- Apache SystemDS 2.2.1
Remediation
Refer to Apache Website for patch, upgrade or suggested workaround information.