oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2022-45048: Apache Ranger: code execution vulnerability in policy expressions

From: Madhan Neethiraj <madhan () apache org>
Date: Thu, 04 May 2023 20:59:50 +0000
Affected versions:

- Apache Ranger 2.3.0

Description:

Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution 
vulnerability. This issue affects Apache Ranger: 2.3.0.

Credit:

g1831767442 () 163 com (finder)

References:

https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-45048
Previous By Date Next
Previous By Thread Next

Current thread: