CVE-2022-34271
Apache Atlas: zip path traversal in import functionality
8.8
HIGH
CVSS 3.1
EPSS 0.22%
Description
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
How to fix CVE-2022-34271
To remediate CVE-2022-34271, upgrade the affected package to a fixed version below.
- Maven/org.apache.atlas:apache-atlas—upgrade to 2.3.0 or later
Is CVE-2022-34271 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 0.8.4, < 2.3.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |