Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyamYtbXhmbS05OGg1

SQL injection vulnerability in the policy admin tool in Apache Ranger

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

Permalink: https://github.com/advisories/GHSA-4rjf-mxfm-98h5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyamYtbXhmbS05OGg1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: about 1 year ago


CVSS Score: 7.2
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-4rjf-mxfm-98h5, CVE-2016-2174
References:

Affected Packages

maven:org.apache.ranger:ranger
Dependent packages: 0
Dependent repositories: 2
Downloads:
Affected Version Ranges: < 0.5.3
Fixed in: 0.5.3
All affected versions:
All unaffected versions: 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.1, 1.0.0, 1.1.0, 1.2.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0