CVE-2016-2174: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

October 17, 2018 (updated September 1, 2021)

SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.

References

github.com/advisories/GHSA-4rjf-mxfm-98h5
nvd.nist.gov/vuln/detail/CVE-2016-2174

Detect and mitigate CVE-2016-2174 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →