CVE-2024-45478: Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input

[Velmurugan Periasamy <vel () apache org>]

Severity: moderate

Affected versions:

- Apache Ranger 2.4.0 before 2.5.0

Description:

Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0.
Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

Credit:

Gyujin (biz () web-us kr) (finder)

References:

https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
https://ranger.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-45478