GHSA-xv7x-x6wr-xx7g

Source

https://github.com/advisories/GHSA-xv7x-x6wr-xx7g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xv7x-x6wr-xx7g/GHSA-xv7x-x6wr-xx7g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xv7x-x6wr-xx7g

Aliases

CVE-2016-8746

Published

2018-10-17T17:22:05Z

Modified

2024-02-16T08:10:53.069284Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Apache Ranger policy engine incorrectly matches paths in certain conditions

Details

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-426"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:04:33Z"
}

References

Affected packages

Maven / org.apache.ranger:ranger-plugins-common

Package

Name: org.apache.ranger:ranger-plugins-common; View open source insights on deps.dev
Purl: pkg:maven/org.apache.ranger/ranger-plugins-common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.3

Affected versions

0.*

0.6.0

0.6.1

0.6.2