...
| Note |
|---|
Before reporting any security related JIRAs, please go through Apache's guidance for VULNERABILITY HANDLING Please see Lock down Apache Ranger for production deployments |
Fixed in Ranger 2.0.0
...
CVE-2019-12397: Apache Ranger cross site scripting issue
Severity: Normal
Vendor: The Apache Software Foundation
Versions Affected: 0.7.0 to 1.2.0 versions of Apache Ranger, prior to 2.0.0
Users affected: All users of ranger policy admin tool
Description: Apache Ranger was found to be vulnerable to a Cross-Site Scripting in policy import functionality.
Fix detail: Added logic to sanitize the user input.
Mitigation: Users should upgrade to 2.0.0 or later version of Apache Ranger with the fix.
Credit: Jan Kaszycki from STM Solutions
Fixed in Ranger 1.2.0
...
CVE-2018-11778: Apache Ranger Stack based buffer overflow
...