pkg:maven/org.apache.ranger/ranger
Type
maven
Namespace
org.apache.ranger
Name
ranger
Known advisories, vulnerabilities and fixes for org.apache.ranger/ranger package.
Critical
2
High
4
Moderate
5
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 0.5.0, < 0.5.2 |
CVE-2016-0735
|
 MAVEN:GHSA-22V7-W6C5-V4RR
|
Apache Ranger Access Restriction Bypass | high |
2022-05-17T03:56:54
(2 years ago) |
|
| Fixed | = 0.5.2 |
CVE-2016-0735
|
MAVEN:GHSA-22V7-W6C5-V4RR
|
Apache Ranger Access Restriction Bypass | high |
2022-05-17T03:56:54
(2 years ago) |
|
| Affected | < 0.5.3 |
CVE-2016-2174
|
MAVEN:GHSA-4RJF-MXFM-98H5
|
SQL injection vulnerability in the policy admin tool in Apache Ranger | high |
2018-10-17T17:21:29
(6 years ago) |
|
| Fixed | = 0.5.3 |
CVE-2016-2174
|
MAVEN:GHSA-4RJF-MXFM-98H5
|
SQL injection vulnerability in the policy admin tool in Apache Ranger | high |
2018-10-17T17:21:29
(6 years ago) |
|
| Affected | < 0.7.1 |
CVE-2017-7676
|
MAVEN:GHSA-758M-6G3Q-G3HH
|
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character | critical |
2018-10-17T17:22:38
(6 years ago) |
|
| Fixed | = 0.7.1 |
CVE-2017-7676
|
MAVEN:GHSA-758M-6G3Q-G3HH
|
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character | critical |
2018-10-17T17:22:38
(6 years ago) |
|
| Affected | = 2.3.0 |
CVE-2022-45048
|
MAVEN:GHSA-89GW-CFFJ-MQG9
|
Apache Ranger code execution vulnerability in policy expressions | high |
2023-07-06T21:14:54
(14 months ago) |
|
| Fixed | = 2.4.0 |
CVE-2022-45048
|
MAVEN:GHSA-89GW-CFFJ-MQG9
|
Apache Ranger code execution vulnerability in policy expressions | high |
2023-07-06T21:14:54
(14 months ago) |
|
| Affected | < 1.2.0 |
CVE-2018-11778
|
MAVEN:GHSA-C99H-FGQM-6679
|
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow | high |
2018-10-17T17:22:23
(6 years ago) |
|
| Fixed | = 1.2.0 |
CVE-2018-11778
|
MAVEN:GHSA-C99H-FGQM-6679
|
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow | high |
2018-10-17T17:22:23
(6 years ago) |
|
| Affected | < 0.7.1 |
CVE-2017-7677
|
MAVEN:GHSA-FFJH-FJGG-MFPQ
|
Moderate severity vulnerability that affects org.apache.ranger:ranger | moderate |
2018-10-17T17:22:49
(6 years ago) |
|
| Fixed | = 0.7.1 |
CVE-2017-7677
|
MAVEN:GHSA-FFJH-FJGG-MFPQ
|
Moderate severity vulnerability that affects org.apache.ranger:ranger | moderate |
2018-10-17T17:22:49
(6 years ago) |
|
| Affected | >= 0.7.0, <= 1.2.0 |
CVE-2019-12397
|
MAVEN:GHSA-FPQP-V323-44XV
|
Cross-site scripting in Apache Ranger | moderate |
2019-08-16T14:01:35
(5 years ago) |
|
| Fixed | = 2.0.0 |
CVE-2019-12397
|
MAVEN:GHSA-FPQP-V323-44XV
|
Cross-site scripting in Apache Ranger | moderate |
2019-08-16T14:01:35
(5 years ago) |
|
| Affected | < 0.5.1 |
CVE-2016-0733
|
MAVEN:GHSA-J84C-J8QM-G47R
|
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password | critical |
2018-10-17T17:21:11
(6 years ago) |
|
| Fixed | = 0.5.1 |
CVE-2016-0733
|
MAVEN:GHSA-J84C-J8QM-G47R
|
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password | critical |
2018-10-17T17:21:11
(6 years ago) |
|
| Affected | < 0.6.1 |
CVE-2016-5395
|
MAVEN:GHSA-RF7Q-XQM3-6923
|
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML | moderate |
2018-10-17T17:21:37
(6 years ago) |
|
| Fixed | = 0.6.1 |
CVE-2016-5395
|
MAVEN:GHSA-RF7Q-XQM3-6923
|
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML | moderate |
2018-10-17T17:21:37
(6 years ago) |
|
| Affected | < 0.6.3 |
CVE-2016-8751
|
MAVEN:GHSA-V7MF-QGXF-QMVF
|
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies | moderate |
2018-10-17T17:21:54
(6 years ago) |
|
| Fixed | = 0.6.3 |
CVE-2016-8751
|
MAVEN:GHSA-V7MF-QGXF-QMVF
|
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies | moderate |
2018-10-17T17:21:54
(6 years ago) |
|
| Affected | < 0.6.2 |
CVE-2016-6815
|
MAVEN:GHSA-VHXC-8JJQ-859J
|
Moderate severity vulnerability that affects org.apache.ranger:ranger | moderate |
2018-10-17T17:21:44
(6 years ago) |
|
| Fixed | = 0.6.2 |
CVE-2016-6815
|
MAVEN:GHSA-VHXC-8JJQ-859J
|
Moderate severity vulnerability that affects org.apache.ranger:ranger | moderate |
2018-10-17T17:21:44
(6 years ago) |