Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

8.1CVSS5.4AI score0.00464EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.20 views

Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

8.1CVSS5.8AI score0.00464EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/04 6:30 p.m.6 views

GHSA-35XX-9XRG-GWHF Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

7.1CVSS5.8AI score0.00464EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/04 5:28 p.m.8 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the DSL search endpoint. An attacker can execute arbitrary code by placing malicious Gremlin traversal logic within grammar-allowed characters to access unintended data. Note: This is only exploitable if the...

8.1CVSS6.2AI score0.00464EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 3:17 p.m.5 views

CVE-2026-40563

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

7.1CVSS5.8AI score0.00464EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/04 3:17 p.m.7 views

EUVD-2026-26979

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data Affect...

7.1CVSS5.8AI score0.00464EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

Apache Atlas 代码注入漏洞

Apache Atlas is a scalable and extensible core feature governance service developed by the Apache Foundation in the United States. Version 0.8 to 2.4.0 of Apache Atlas contains a code injection vulnerability. This vulnerability stems from the DSL search endpoint accepting query strings provided b...

8.1CVSS5.9AI score0.00464EPSS
Exploits0References1
Rows per page
Query Builder