CVE-2016-8746: Untrusted Search Path

October 17, 2018 (updated November 21, 2023)

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.

References

www.securityfocus.com/bid/95998
cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
github.com/advisories/GHSA-xv7x-x6wr-xx7g
github.com/apache/ranger/commit/2fcd7f7cc175c0734443638b99c359e24c0f88ff
nvd.nist.gov/vuln/detail/CVE-2016-8746

Code Behaviors & Features

Detect and mitigate CVE-2016-8746 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →