CVE-2019-12397

CVSS v3.0 6.1 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 1.52 % (87^th)

Affected Products 1

Advisories 1

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2019-08-08 18:15:10
(5 years ago)
Updated Date: 2023-11-07 03:03:32
(10 months ago)

Affected Products

Apache

Ranger

Configuration #1

		CPE23	From	Up To
	Apache Ranger from 0.7.0 version and 1.2.0 and prior versions	cpe:2.3:a:apache:ranger	>= 0.7.0	<= 1.2.0