Maven package
org.apache.atlas/atlas-common
pkg:maven/org.apache.atlas/atlas-common
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-3155 | Med | 6.1 | >= 0.6.0-incubating, < 0.7.1-incubating | 0.7.1-incubating | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | |
| CVE-2017-3154 | Hig | 7.5 | >= 0.6.0-incubating, < 0.7.1-incubating | 0.7.1-incubating | Aug 29, 2017 | Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | |
| CVE-2017-3153 | Med | 6.1 | >= 0.6.0-incubating, < 0.7.1-incubating | 0.7.1-incubating | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | |
| CVE-2017-3152 | Med | 6.1 | >= 0.6.0-incubating, < 0.7.1-incubating | 0.7.1-incubating | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | |
| CVE-2017-3151 | Med | 6.1 | >= 0.6.0-incubating, < 0.7.1-incubating | 0.7.1-incubating | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | |
| CVE-2017-3150 | Med | 6.1 | >= 0.6.0-incubating, < 0.7.1-incubating | 0.7.1-incubating | Aug 29, 2017 | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | |
| CVE-2016-8752 | Hig | 7.5 | >= 0.6.0-incubating, < 0.8-incubating | 0.8-incubating | Aug 29, 2017 | Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. |
- affected >= 0.6.0-incubating, < 0.7.1-incubatingfixed 0.7.1-incubating
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
- affected >= 0.6.0-incubating, < 0.7.1-incubatingfixed 0.7.1-incubating
Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
- affected >= 0.6.0-incubating, < 0.7.1-incubatingfixed 0.7.1-incubating
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
- affected >= 0.6.0-incubating, < 0.7.1-incubatingfixed 0.7.1-incubating
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
- affected >= 0.6.0-incubating, < 0.7.1-incubatingfixed 0.7.1-incubating
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
- affected >= 0.6.0-incubating, < 0.7.1-incubatingfixed 0.7.1-incubating
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.
- affected >= 0.6.0-incubating, < 0.8-incubatingfixed 0.8-incubating
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.