Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix.

Affected Packages

Maven org.apache.ranger:ranger

Affected versions: 0.7.0 (fixed in 2.0.0)

Related CVEs

CVE-2019-12397

Key Information

GHSA ID

GHSA-fpqp-v323-44xv

Published

August 16, 2019 2:01 PM

Last Modified

August 17, 2021 8:42 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.ranger:ranger

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.