Atlas

CVEs (8)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-40563	Hig	0.53	8.1	0.00	May 4, 2026	Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect Version: This issue affects Apache Atlas: from 0.8 through 2.4.0. For the affect version >= 2.0, vulnerability is only when Atlas is deployed with below non-default configuration. atlas.dsl.executor.traversal=false Mitigation: Users are recommended to upgrade to version 2.5.0, which fixes the issue.
CVE-2017-3154	Hig	0.49	7.5	0.01	Aug 29, 2017	Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.
CVE-2016-8752	Hig	0.49	7.5	0.01	Aug 29, 2017	Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
CVE-2017-3155	Med	0.40	6.1	0.02	Aug 29, 2017	Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.
CVE-2017-3153	Med	0.40	6.1	0.01	Aug 29, 2017	Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality.
CVE-2017-3152	Med	0.40	6.1	0.01	Aug 29, 2017	Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality.
CVE-2017-3151	Med	0.40	6.1	0.01	Aug 29, 2017	Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.
CVE-2017-3150	Med	0.40	6.1	0.01	Aug 29, 2017	Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script.