CVE-2024-45478

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45478

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45478.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45478

Aliases

GHSA-vrx2-mgr9-v67h

Published

2025-01-21T22:15:12Z

Modified

2025-06-10T21:27:15.416889Z

Summary

[none]

Details

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

References

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
http://www.openwall.com/lists/oss-security/2025/01/21/3

Affected packages

Git / github.com/apache/ranger

Affected ranges

Type: GIT
Repo: https://github.com/apache/ranger
Events: Introduced

50ad9c19e62f5aa6b2888b17437aa6fb1e2c0a36

Fixed

f3e2a44f0d7f80be4eed95b456f5066089a88891

Affected versions

release-2.*

release-2.4.0-rc2

release-2.5.0-rc0

release-2.5.0-rc1

release-2.5.0-rc2

release-2.5.0-rc3

release-ranger-2.*

release-ranger-2.4.0