List: oss-security
Subject: [oss-security] CVE update - fixed in Apache Ranger 2.0.0
From: Velmurugan Periasamy <vel () apache ! org>
Date: 2019-08-08 16:15:54
Message-ID: 09D4A543-35B4-4416-A0E3-CF88CFDFDE12 () apache ! org
Hello:
Please find below details on the CVE fixed in the Ranger 2.0.0 release. Release details can be found at
https://cwiki.apache.org/confluence/display/RANGER/2.0.0+Release+-+Apache+Ranger
———————————————————————————————————————————————————
CVE-2019-12397: Apache Ranger cross site scripting issue
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.7.0 to 1.2.0 versions of Apache Ranger, prior to 2.0.0
Users affected: All users of ranger policy admin tool
Description: Apache Ranger was found to be vulnerable to Cross-Site Scripting in the policy import functionality.
Fix detail: Added logic to sanitize the user input.
Mitigation: Users should upgrade to 2.0.0 or later version of Apache Ranger with the fix.
Credit: Jan Kaszycki from STM Solutions
———————————————————————————————————————————————————
Thank you,
Velmurugan Periasamy