CVE-2024-45479: Apache Ranger UI vulnerable to Server Side Request Forgery

January 22, 2025 (updated January 27, 2025)

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

References

cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
github.com/advisories/GHSA-g9gf-g5jq-9h3v
github.com/apache/ranger
nvd.nist.gov/vuln/detail/CVE-2024-45479

Code Behaviors & Features

Detect and mitigate CVE-2024-45479 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →