CVE-2024-45478

Source
https://cve.org/CVERecord?id=CVE-2024-45478
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45478.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45478
Aliases
Published
2025-01-21T21:25:58.276Z
Modified
2026-07-08T06:27:33.148040020Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
Details

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.4.0"
                },
                {
                    "fixed": "2.5.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45478.json",
    "cna_assigner": "apache",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/apache/ranger

Affected ranges

Type
GIT
Repo
https://github.com/apache/ranger
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.5.0"
        }
    ]
}

Affected versions

release-2.*
release-2.4.0-rc2
release-2.5.0-rc0
release-2.5.0-rc1
release-2.5.0-rc2
release-2.5.0-rc3
release-ranger-2.*
release-ranger-2.4.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45478.json"