GHSA-v7mf-qgxf-qmvf

Опубликовано: 17 окт. 2018

Источник: github

Github: Прошло ревью

CVSS3: 4.8

Описание

Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies

Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.

Ссылки

Пакеты

Наименование

org.apache.ranger:ranger

maven

Затронутые версииВерсия исправления

< 0.6.3

0.6.3

EPSS

Процентиль: 39%

0.00177

Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2016-8751

Дефекты

CWE-79

Связанные уязвимости

CVE-2016-8751

CVSS3: 4.8

nvd

больше 8 лет назад

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.

EPSS

Процентиль: 39%

0.00177

Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2016-8751

Дефекты

CWE-79