277 matches found
K000160726: Apache Ranger vulnerability CVE-2025-59059
Security Advisory Description Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. CVE-2025-59059 Impact There is no impact; F5 products are not affected by this...
Exploit for Code Injection in Apache Ranger
CVE-2025-59059: Misattributed RCE in Apache Ranger a correcti...
CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59059
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
com.expediagroup.apiary:apiary-ranger-metastore-plugin (>=7.2.1 <=8.1.17), com.witboost.provisioning:scala-mesh-ranger_2.13 (=1.0.0) +64 more potentially affected by CVE-2025-59059 via org.apache.ranger:ranger-plugins-common (>=2.0.0 <=2.7.0)
org.apache.ranger:ranger-plugins-common MAVEN version =2.0.0, =7.2.1, =0.8.44-4, =466, =0.6.0-incubating, =0.8.0-incubating, =1.6.0-incubating, =1.6.0-incubating, =0.7.0, =0.7.0, =1.11.0, =1.11.0, =2.0.0, =1.3.0, =1.3.0, =2.0.0 and more Source cves: CVE-2025-59059 Source advisory:...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the SCRIPTSAFEPREEXEC definition in RangerRequestScriptEvaluator. An attacker can execute arbitrary OS commands by invoking scripts that rebuild the script context/engine e.g., via loadWithNewGlobal and...
com.expediagroup.apiary:apiary-ranger-metastore-plugin (>=7.2.1 <=8.1.17), com.witboost.provisioning:scala-mesh-ranger_2.13 (=1.0.0) +67 more potentially affected by CVE-2025-59059 via org.apache.ranger:ranger-plugins-common (>=0.6.0 <=2.7.0)
org.apache.ranger:ranger-plugins-common MAVEN version =0.6.0, =7.2.1, =0.8.44-4, =0.18.0, =466, =0.6.0-incubating, =0.8.0-incubating, =1.6.0-incubating, =1.6.0-incubating, =0.3.0, =0.3.0, =1.1.0, =1.1.0, =2.0.0, =1.3.0, =2.0.0 and more Source cves: CVE-2025-59059 Source advisory:...
GHSA-C87W-642H-M97H Apache Ranger has a Code Injection vulnerability
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
Apache Ranger has a Code Injection vulnerability
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
GHSA-5FVG-QWCP-R325 Apache Ranger Vulnerable to Improper Validation of Certificate with Host Mismatch
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59059
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59059
Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59060
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
CVE-2025-59060
Summary: CVE-2025-59060 describes a hostname verification bypass in Apache Ranger’s NiFiRegistryClient/NiFiClient. The issue is reported for Apache Ranger versions ≤ 2.7.0 and is fixed by upgrading to version 2.8.0. Affected components: NiFiRegistryClient and NiFiClient within Apache Ranger. Root...
CVE-2025-59060 Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...
EUVD-2025-208229
Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...