
RANGER-4954: Fix multiple vulnerabilities

Open FerArribas14 opened this issue 1 year ago • 3 comments

What changes were proposed in this pull request?

RANGER-4954 Fix multiple vulnerabilities

CVE-2024-47561 CVE-2023-39410 CVE-2022-26612 CVE-2024-23454 CVE-2023-25613 CVE-2024-7254 CVE-2022-3510 CVE-2022-3509 CVE-2021-22570 CVE-2021-22569 CVE-2022-3171 CVE-2022-25857 CVE-2022-1471 CVE-2022-41854 CVE-2022-38752 CVE-2022-38751 CVE-2022-38750 CVE-2022-38749 CVE-2023-31418 CVE-2024-23450 CVE-2024-23444 CVE-2023-49921 CVE-2023-46673 CVE-2023-31419 CVE-2023-31417 CVE-2021-22144 CVE-2021-22135 CVE-2021-22134 CVE-2023-46589 CVE-2024-24549 CVE-2024-23672 CVE-2024-25710 CVE-2024-26308 CVE-2023-43642 CVE-2024-22201 CVE-2024-36114 CVE-2024-25638 CVE-2024-47554 CVE-2024-7254

How was this patch tested?

By running ./ranger_in_docker up and testing all the functionalities of Apache Ranger.

FerArribas14, Oct 09 '24 09:10

Thanks @FerArribas14 for reporting the CVEs. From the description, this seems to be too many issues to be tracked in a single PR. Could you please split this into multiple PRs, maybe based on severity - like one for Critical CVEs and one for High CVEs? Thanks.

CC: @mneethiraj

kumaab, Oct 11 '24 22:10

@FerArribas14 As @kumaab mentioned, could you please list the CVEs with severity and create small PRs if possible? With all the CVEs in one PR, it will be difficult to see the impact analysis while reviewing.

ramackri, Oct 14 '24 03:10

@ramackri, @kumaab Perfect, I think it's a good idea. All the vulnerabilities I have resolved are Critical and High. Therefore, I separate the PR into these two severities. Do you agree?

FerArribas14, Oct 14 '24 08:10