Description
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
Remediation
References
http://www.securityfocus.com/bid/95998
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
Related Vulnerabilities
CVE-2016-5004 Vulnerability in maven package org.apache.xmlrpc:xmlrpc
CVE-2020-11996 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-26256 Vulnerability in npm package fast-csv
CVE-2018-16462 Vulnerability in npm package apex-publish-static-files
CVE-2020-4038 Vulnerability in npm package graphql-playground-html