org.apache.atlas:apache-atlas 0.5-incubating vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.atlas:apache-atlas package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS) org.apache.atlas:apache-atlas is a Data Governance and Metadata framework for Hadoop Affected versions of this package are vulnerable to Cross-site Scripting (XSS). While saving search or rendering elements values are not sanitized correctly. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.atlas:apache-atlas` to version 2.1.0 or higher.	[,2.1.0)
M Cross-site Scripting (XSS) org.apache.atlas:apache-atlas is a Data Governance and Metadata framework for Hadoop Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Unknown components within Apache Atlas are vulnerable to Stored Cross-Site Scripting which can be exploited through the search functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.atlas:apache-atlas` to version 0.8.4, 1.2.0 or higher.	[,0.8.4)[1.0.0,1.2.0)
M Cross-site Scripting (XSS) `org.apache.atlas:apache-atlas` is a scalable and extensible set of core foundational governance services. Affected versions of the package are vulnerable to Cross-Frame Scripting (XSS). How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.atlas:apache-atlas` to version 0.7.1-incubating or higher.	[,0.7.1-incubating)
H Information Exposure `org.apache.atlas:apache-atlas` is a scalable and extensible set of core foundational governance services. Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. How to fix Information Exposure? Upgrade `org.apache.atlas:apache-atlas` to version 0.7.1-incubating or higher.	[,0.7.1-incubating)
M Cross-site Scripting (XSS) `org.apache.atlas:apache-atlas` is a scalable and extensible set of core foundational governance services. Affected versions of the package are vulnerable to Reflected Cross-site Scripting (XSS) via the search functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.atlas:apache-atlas` to version 0.7.1-incubating or higher.	[,0.7.1-incubating)
M Cross-site Scripting (XSS) `org.apache.atlas:apache-atlas` is a scalable and extensible set of core foundational governance services. Affected versions of the package are vulnerable to DOM Cross-site Scripting (XSS) via the edit-tag functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.atlas:apache-atlas` to version 0.7.1-incubating or higher.	[,0.7.1-incubating)
M Cross-site Scripting (XSS) `org.apache.atlas:apache-atlas` is a scalable and extensible set of core foundational governance services. Affected versions of the package are vulnerable to Stored Cross-site Scripting (XSS) via the edit-tag functionality. How to fix Cross-site Scripting (XSS)? Upgrade `org.apache.atlas:apache-atlas` to version 0.7.1-incubating or higher.	[,0.7.1-incubating)
M Use of Insecure Cookies `org.apache.atlas:apache-atlas` is a scalable and extensible set of core foundational governance services. Affected versions of the package are vulnerable to Use of Insecure Cookies, that could be accessible to client-side script. How to fix Use of Insecure Cookies? Upgrade `org.apache.atlas:apache-atlas` to version 0.7.1-incubating or higher.	[,0.7.1-incubating)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.apache.atlas:apache-atlas is a Data Governance and Metadata framework for Hadoop

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). While saving search or rendering elements values are not sanitized correctly.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.atlas:apache-atlas to version 2.1.0 or higher.

[,2.1.0)

Cross-site Scripting (XSS)

org.apache.atlas:apache-atlas is a Data Governance and Metadata framework for Hadoop

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Unknown components within Apache Atlas are vulnerable to Stored Cross-Site Scripting which can be exploited through the search functionality.

How to fix Cross-site Scripting (XSS)?

Upgrade org.apache.atlas:apache-atlas to version 0.8.4, 1.2.0 or higher.

[,0.8.4)[1.0.0,1.2.0)

Cross-site Scripting (XSS)