org.apache.nifi:nifi-ranger-nar (>=1.1.0 <=1.3.0), org.apache.nifi:nifi-ranger-plugin (>=1.1.0 <=1.3.0) +23 more potentially affected by CVE-2016-8746 via org.apache.ranger:ranger-plugins-common (>=0.6.0 <=0.6.2)

org.apache.ranger:ranger-plugins-common MAVEN version =0.6.0, =1.1.0, =1.1.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.2 and more Source cves: CVE-2016-8746 Source advisory: OSV:GHSA-XV7X-X6WR-XX7G...

CVE-2016-8746

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true...

CVE-2016-8746

CVE-2016-8746 affects Apache Ranger policy engine prior to version 0.6.3. The issue is a path-matching defect that occurs under recursive evaluation when policies do not contain wildcards, enablingmis-matches and potential security bypass. The vulnerability is scoped to the policy engine logic (n...