org.apache.ranger:ranger 1.1.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.ranger:ranger package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') org.apache.ranger:ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') such that authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? A fix was pushed into the `master` branch but not yet published.	[0,)
H Cross-site Scripting (XSS) org.apache.ranger:ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Policy import functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.ranger:ranger` to version 2.0.0 or higher.	[0.7.0,2.0.0)
M Stack-based Buffer Overflow org.apache.ranger:ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. Affected versions of this package are vulnerable to Stack-based Buffer Overflow. Affected versions of this package are vulnerable to Stack-based Buffer Overflow. The `UnixAuthenticationService` class did not properly handling user input. How to fix Stack-based Buffer Overflow? Upgrade `org.apache.ranger:ranger` to version 1.2.0 or higher.	[,1.2.0)

Vulnerability

Vulnerable Version

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

org.apache.ranger:ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') such that authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability.

How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

A fix was pushed into the master branch but not yet published.

[0,)

Cross-site Scripting (XSS)

org.apache.ranger:ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Policy import functionality.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.ranger:ranger to version 2.0.0 or higher.

[0.7.0,2.0.0)

Stack-based Buffer Overflow

org.apache.ranger:ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.

Affected versions of this package are vulnerable to Stack-based Buffer Overflow. Affected versions of this package are vulnerable to Stack-based Buffer Overflow. The UnixAuthenticationService class did not properly handling user input.

How to fix Stack-based Buffer Overflow?

Upgrade org.apache.ranger:ranger to version 1.2.0 or higher.

[,1.2.0)

org.apache.ranger:ranger@1.1.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?