CVE-2017-7676

Description

Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.

Affected packages (1)

• Maven/org.apache.ranger:rangerfrom 0, < 0.7.1

CVSS scores

References (4)

• ADVISORYhttps://github.com/advisories/GHSA-758m-6g3q-g3hh
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7676
• WEBhttps://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
• WEBhttp://www.securityfocus.com/bid/98958