CVE-2024-45478: Apache Ranger has Stored Cross-site Scripting vulnerability in Edit Service Page

January 22, 2025 (updated June 10, 2025)

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

References

cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
github.com/advisories/GHSA-vrx2-mgr9-v67h
github.com/apache/ranger
nvd.nist.gov/vuln/detail/CVE-2024-45478

Code Behaviors & Features

Detect and mitigate CVE-2024-45478 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →