Maven package
org.apache.atlas/apache-atlas
pkg:maven/org.apache.atlas/apache-atlas
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40563 | High | 8.1 | | >= 0.8, < 2.5.0 | 2.5.0 | May 4, 2026 | Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access uninten |
| CVE-2024-46910 | — | | | >= 2.0.0, < 2.4.0 | 2.4.0 | Feb 13, 2025 | An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue. |
| CVE-2022-34271 | — | | | >= 0.8.4, < 2.3.0 | 2.3.0 | Dec 14, 2022 | A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. |
| CVE-2020-13928 | — | | | < 2.1.0 | 2.1.0 | Sep 16, 2020 | Apache Atlas before 2.1.0 contains an XSS vulnerability. While saving a search or rendering elements, values are not sanitized correctly, and because of that it triggers the XSS vulnerability. |
| CVE-2019-10070 | — | | | < 0.8.4 | 0.8.4 | Nov 18, 2019 | Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality. |