CVE-2024-55532
CRITICALDescription
Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.
Is your site exposed to CVE-2024-55532?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | ranger |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-55532? +
How severe is CVE-2024-55532? +
What products are affected by CVE-2024-55532? +
How do I check if I'm vulnerable to CVE-2024-55532? +
Related Vulnerabilities
Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores the request User-Agent header and ReportsController::postActivityReport() writes that …
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory …
Data provided in a request performed to the server while activating a new device are put in a database. Other …
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload …
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying …
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data …