Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.

Affected Packages

Maven org.apache.ranger:ranger

Affected versions: 2.3.0 (fixed in 2.4.0)

Related CVEs

CVE-2022-45048

Key Information

GHSA ID

GHSA-89gw-cffj-mqg9

Published

July 6, 2023 9:14 PM

Last Modified

July 6, 2023 11:09 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.ranger:ranger

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.