CVE-2024-45479

CRITICAL

Apache Ranger 2.4.0 - SSRF

Title source: llm

Description

SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

References (2)

Scores

CVSS v3 9.1
EPSS 0.0029
EPSS Percentile 51.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE
CWE-918
Status published

Affected Products (2)

apache/ranger < 2.5.0
org.apache.ranger/ranger < 2.5.0Maven

Timeline

Published Jan 21, 2025
Tracked Since Feb 18, 2026