CVE-2024-45479

Source
https://cve.org/CVERecord?id=CVE-2024-45479
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45479.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45479
Aliases
Published
2025-01-21T21:26:16.500Z
Modified
2026-07-08T06:27:35.505893320Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
Details

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.4.0"
                },
                {
                    "fixed": "2.5.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45479.json",
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "apache"
}
References

Affected packages

Git / github.com/apache/ranger

Affected ranges

Type
GIT
Repo
https://github.com/apache/ranger
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "fixed": "2.5.0"
        }
    ]
}

Affected versions

release-2.*
release-2.4.0-rc2
release-2.5.0-rc0
release-2.5.0-rc1
release-2.5.0-rc2
release-2.5.0-rc3
release-ranger-2.*
release-ranger-2.4.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45479.json"