Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyamYtbXhmbS05OGg1
SQL injection vulnerability in the policy admin tool in Apache Ranger
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
Permalink: https://github.com/advisories/GHSA-4rjf-mxfm-98h5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyamYtbXhmbS05OGg1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 7.2
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-4rjf-mxfm-98h5, CVE-2016-2174
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-2174
- https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
- https://github.com/advisories/GHSA-4rjf-mxfm-98h5
- http://www.openwall.com/lists/oss-security/2016/06/01/3
Affected Packages
maven:org.apache.ranger:ranger
Dependent packages: 0
Dependent repositories: 2
Downloads:
Affected Version Ranges: < 0.5.3
Fixed in: 0.5.3
All affected versions:
All unaffected versions: 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.1, 1.0.0, 1.1.0, 1.2.0, 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.4.0, 2.5.0