org.apache.atlas:apache-atlas
Maven
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.atlas:apache-atlas
- CVE-2019-10070 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.2.0 | 2019-11-18
  vulnerable: 1.0.0, 1.1.0
  Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality.
- CVE-2020-13928 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.1.0 | 2020-09-16
  vulnerable: 0.5-incubating ... 2.0.0 (14 versions)
  Apache Atlas before 2.1.0 contains an XSS vulnerability. When saving a search or rendering elements, values are not sanitized correctly, which triggers the XSS vulnerability.
- CVE-2022-34271 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.3.0 | 2022-12-14
  vulnerable: 0.8.4 ... 2.2.0 (8 versions)
  A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
- CVE-2024-46910 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.0 | 2025-02-13
  vulnerable: 2.0.0, 2.1.0, 2.2.0, 2.3.0
  An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.
- CVE-2026-40563 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 2.5.0 | 2026-05-04
  vulnerable: 0.8-incubating ... 2.4.0 (14 versions)
  Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within gra…