Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.

Affected Packages

Maven org.apache.ranger:ranger

Affected versions: 0 (fixed in 0.7.1)

Related CVEs

CVE-2017-7676

Key Information

GHSA ID

GHSA-758m-6g3q-g3hh

Published

October 17, 2018 5:22 PM

Last Modified

April 27, 2022 1:54 PM

CVSS Score

9.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.ranger:ranger

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.