{"id":"PYSEC-2017-105","details":"Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.","aliases":["CVE-2016-8752","GHSA-m2rr-h6g4-9cm9"],"modified":"2025-10-09T05:26:30.810449Z","published":"2017-08-29T20:29:00Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/f7435d66b840daa2a38ad1329d639b70f5a9476e7580ae885d422e86%40%3Cdev.atlas.apache.org%3E"}],"affected":[{"package":{"name":"apache-atlas","ecosystem":"PyPI","purl":"pkg:pypi/apache-atlas"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.1","0.0.11","0.0.12","0.0.13","0.0.14","0.0.2","0.0.3","0.0.4","0.0.5","0.0.15","0.0.16"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-atlas/PYSEC-2017-105.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}