{"id":"CVE-2016-8752","details":"Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.","aliases":["GHSA-m2rr-h6g4-9cm9","PYSEC-2017-105"],"modified":"2026-04-10T03:53:55.609085Z","published":"2017-08-29T20:29:00.437Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/atlas","events":[{"introduced":"0"},{"last_affected":"8f3eb0c29e99db7b59dbd85054333f796bc1edfa"},{"introduced":"0"},{"last_affected":"e48bd3558a81e0d4c104f315e623ed0f6200d169"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.7.1-rc2"},{"introduced":"0"},{"last_affected":"0.7.1-rc3"}]}}],"versions":["release-0.7-rc2","release-0.7.1-rc0","release-0.7.1-rc2","release-0.7.1-rc3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.6.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.6.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"0.7.0-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.7.0-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"0.7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"0.7.1-rc1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8752.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}