GHSA-8qff-qr5q-5pr8: OpenPGP.js's message signature verification can be spoofed

GHSA-9x73-87fh-54w9: Gardener allows metadata injection for a project secret which can lead to privilege escalation

GHSA-3hw7-qj9h-r835: Gardener allows bypassing project secret validation which can lead to privilege escalation

GHSA-xwgg-m7fx-83wx: Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation

GHSA-5rjg-fvgr-3xxf: setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0.
Users are recommended to upgrade to version 2.6.0, which fixes this issue.

**Apache Ranger Improper Neutralization of Formula Elements vulnerability**

Low severity GitHub Reviewed Published Mar 3, 2025 to the GitHub Advisory Database • Updated Mar 3, 2025

Headline

GHSA-2h4w-p9fh-9rmv: Apache Ranger Improper Neutralization of Formula Elements vulnerability

ghsa: Latest News