CVE-2019-12397

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-12397

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12397.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-12397

Aliases

GHSA-fpqp-v323-44xv

Published

2019-08-08T18:15:10.663Z

Modified

2026-04-10T04:15:30.200948Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.

References

Affected packages

Git / github.com/apache/ranger

Affected ranges

Type

GIT

Repo

https://github.com/apache/ranger

Events

Introduced

f39e4880082f5579db49b29be735977a341c041b

Last affected

39ec5a38913e1d852cffecbdb8688b2370b6318f

Database specific

{
    "versions": [
        {
            "introduced": "0.7.0"
        },
        {
            "last_affected": "1.2.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12397.json"