[oss-security] CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input

Velmurugan Periasamy Tue, 21 Jan 2025 09:23:34 -0800

Severity: moderate

Affected versions:


- Apache Ranger 2.4.0 before 2.5.0

Description:

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache 
Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes 
this issue.

Credit:

Gyujin (b...@web-us.kr) (finder)

References:

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-45478

[oss-security] CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input

Reply via email to