12 matches found
EUVD-2024-41743
Malicious code in bioql PyPI...
Server-Side Request Forgery (SSRF)
Apache Ranger is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper input validation due to the Edit Service Page in the UI allowing crafted requests that can trigger unintended internal or external network calls...
GHSA-G9GF-G5JQ-9H3V Apache Ranger UI vulnerable to Server Side Request Forgery
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue...
GHSA-VRX2-MGR9-V67H Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue...
CVE-2024-45479 Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue...
CVE-2024-45479
Apache Ranger UI (v2.4.0) contains an SSRF vulnerability in the Edit Service Page. The root cause is improper input validation that allows crafted requests to trigger unintended internal or external network calls. This vulnerability is classified with high impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S...
CVE-2024-45479 Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue...
CVE-2024-45478 Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue...
CVE-2024-45478
CVE-2024-45478 describes a stored cross-site scripting (XSS) vulnerability in the Edit Service Page of Apache Ranger UI, specifically affecting Apache Ranger UI version 2.4.0. The underlying issue is lack of proper input filtering/escaping on user-supplied data. The recommended remediation is to ...
CVE-2024-45478 Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue...
Apache Ranger 输入验证错误漏洞
Apache Ranger is a set of architectures from the U.S.-based Apache Foundation for implementing comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing and data...
Apache Ranger 输入验证错误漏洞
Apache Ranger is a set of architectures from the Apache USA Foundation that implement comprehensive security measures for Hadoop clusters. The product provides centralized security policy management for core enterprise security requirements such as authorization, billing, and data protection. An...