High severity8.8NVD Advisory· Published Apr 11, 2016· Updated Jun 17, 2026
CVE-2016-0735
CVE-2016-0735
Description
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ranger:rangerMaven | >= 0.5.0, < 0.5.2 | 0.5.2 |
Affected products
3Patches
Vulnerability mechanics
References
4- mail-archives.apache.org/mod_mbox/ranger-dev/201603.mbox/%3CD31EE434.14B879%25vel%40apache.org%3EnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-22v7-w6c5-v4rrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-0735ghsaADVISORY
- github.com/apache/ranger/commit/18f216d0201eab93daea0b57035f7e6e3280bcfdghsaWEB
News mentions
0No linked articles in our index yet.