pkg:Maven/org.apache.ranger:ranger

All known vulnerabilities

• CRITICAL9.8CVE-2017-7676Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
  from 0, < 0.7.1
• CRITICAL9.8CVE-2016-0733The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
  from 0, < 0.5.1
• CRITICAL9.1CVE-2024-45479Apache Ranger UI vulnerable to Server Side Request Forgery
  from 0, < 2.5.0
• HIGH8.8CVE-2022-45048Apache Ranger code execution vulnerability in policy expressions
  >= 2.3.0, < 2.4.0
• HIGH8.8CVE-2016-0735Apache Ranger Access Restriction Bypass
  >= 0.5.0, < 0.5.2
• HIGH8.8CVE-2018-11778UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
  from 0, < 1.2.0
• HIGH7.2CVE-2016-2174SQL injection vulnerability in the policy admin tool in Apache Ranger
  from 0, < 0.5.3
• HIGH7.1CVE-2015-0266Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs
  from 0, < 0.5.0
• MEDIUM6.5CVE-2015-5167Apache Ranger allows users to bypass intended access restrictions via the REST API
  from 0, < 0.5.1
• MEDIUM6.5CVE-2016-6815Moderate severity vulnerability that affects org.apache.ranger:ranger
  from 0, < 0.6.2
• MEDIUM6.1CVE-2015-0265Apache Ranger Cross-site Scripting vulnerability
  from 0, < 0.5.0
• MEDIUM6.1CVE-2019-12397Cross-site scripting in Apache Ranger
  >= 0.7.0, < 2.0.0
• MEDIUM5.9CVE-2017-7677Moderate severity vulnerability that affects org.apache.ranger:ranger
  from 0, < 0.7.1
• MEDIUM4.8CVE-2024-45478Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page
  from 0, < 2.5.0
• MEDIUM4.8CVE-2016-8751Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
  from 0, < 0.6.3
• MEDIUM4.8CVE-2016-5395Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
  from 0, < 0.6.1