CVE-2024-55532

CVE-2024-55532

Name

CVE-2024-55532

Description

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
vendor-advisory	https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/03/03/2

Type

URI

vendor-advisory

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/03/03/2

CPE URI	Source package	Min version	Max version
	apache-ranger	>= 0	<= 2.5.0
`cpe:2.3:a:apache:ranger::::::::`	ranger	>= None	< 2.6.0

CPE URI

Source package

Min version

Max version

apache-ranger

>= 0

<= 2.5.0

cpe:2.3:a:apache:ranger:*:*:*:*:*:*:*:*

ranger

>= None

< 2.6.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
ranger	edge-community	1.9.4-r0	John Anthony <john@jo.hnanthony.com>	possibly vulnerable
ranger	3.22-community	1.9.4-r0	John Anthony <john@jo.hnanthony.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

ranger

edge-community

1.9.4-r0

John Anthony <john@jo.hnanthony.com>

possibly vulnerable

ranger

3.22-community

1.9.4-r0

John Anthony <john@jo.hnanthony.com>

possibly vulnerable

References

Match rules

Vulnerable and fixed packages