oss-sec mailing list archives
CVE update - fixed in Apache Ranger 2.0.0
From: Velmurugan Periasamy <vel () apache org>
Date: Thu, 8 Aug 2019 12:15:54 -0400
Hello:

Please find below details on CVE fixed in Ranger 2.0.0 release. Release details can be found at https://cwiki.apache.org/confluence/display/RANGER/2.0.0+Release+-+Apache+Ranger

———————————————————————————————————————————————————

CVE-2019-12397: Apache Ranger cross site scripting issue

Severity: Normal

Vendor: The Apache Software Foundation

Versions Affected: 0.7.0 to 1.2.0 versions of Apache Ranger, prior to 2.0.0

Users affected: All users of ranger policy admin tool

Description: Apache Ranger was found to be vulnerable to a Cross-Site Scripting in policy import functionality.

Fix detail: Added logic to sanitize the user input.

Mitigation: Users should upgrade to 2.0.0 or later version of Apache Ranger with the fix.

Credit: Jan Kaszycki from STM Solutions

———————————————————————————————————————————————————

Thank you,
Velmurugan Periasamy