org.apache.atlas:atlas-authorization (=0.7-incubating), org.apache.atlas:atlas-client (=0.7-incubating) +9 more potentially affected by CVE-2017-3154 via org.apache.atlas:atlas-common (=0.7-incubating)

org.apache.atlas:atlas-common MAVEN version =0.7-incubating is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.atlas:atlas-common and may be impacted: - org.apache.atlas:atlas-authorization =0.7-incubating - org.apache.atlas:atlas-client...

CVE-2017-3154

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...

amundsen-metadata (>=3.5.0 <=3.13.0), amundsen-metadata-neo4j4 (>=3.9.0 <=3.9.0.post1) +1 more potentially affected by CVE-2017-3154 via apache-atlas (>=0.0.11 <=0.0.15)

apache-atlas PYPI version =0.0.11, =3.5.0, =3.9.0, =0.1.7, =0.1.9 Source cves: CVE-2017-3154 Source advisory: OSV:PYSEC-2017-110...

CVE-2017-3154

CVE-2017-3154 affects Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. The underlying issue is that error responses reveal a stack trace, leading to information exposure. The available documents describe the vulnerability as an information-disclosure flaw but do not provide details on...