CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-55532 – Apache Ranger: Improper Neutralization of Formula Elements in a CSV File
https://notcve.org/view.php?id=CVE-2024-55532
03 Mar 2025 — Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue. Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue. • https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45479 – Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
https://notcve.org/view.php?id=CVE-2024-45479
21 Jan 2025 — SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. • https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger • CWE-20: Improper Input Validation CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45478 – Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
https://notcve.org/view.php?id=CVE-2024-45478
21 Jan 2025 — Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. • https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •