Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/6rpzwy1smdhr60tsh1ydknn3kdm45bb6 | Mailing List |
Configurations
History
No history.
Information
Published : 2023-05-05 08:15
Updated : 2024-10-15 19:35
NVD link : CVE-2022-45048
Mitre link : CVE-2022-45048
CVE.ORG link : CVE-2022-45048
JSON object : View
Products Affected
apache
- ranger
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')