
Qx L

#31780 of 53,633
8.1 Total CVSS
Vulnerabilities · 1
PT-2026-36788
8.1
2026-05-04
Apache · Apache Atlas · CVE-2026-40563
**Name of the Vulnerable Software and Affected Versions**
Apache Atlas versions 0.8 through 2.4.0

**Description**
An improper control of code generation issue exists in the DSL search endpoint, which accepts user-supplied query strings. An attacker can alter Gremlin traversal logic using grammar-allowed characters to access unintended data. For versions 2.0 and later, this issue only occurs when the software is deployed with the non-default configuration `atlas.dsl.executor.traversal=false`.

**Recommendations**
Upgrade to version 2.5.0.
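
An exposure check for the conditions above, as an added example (not code from Apache Atlas or from this advisory): given an installed version string and the text of the Atlas properties file, it reports whether the deployment falls in the affected range and carries the non-default setting. The function names and sample inputs are constructed, and the parser assumes simple `key=value` lines.

```python
import re

LAST_AFFECTED = (2, 4, 0)   # advisory: 0.8 through 2.4.0, fixed in 2.5.0
FLAG = "atlas.dsl.executor.traversal"


def parse_version(text):
    """'2.3' or '2.4.0-SNAPSHOT' -> (2, 3, 0) / (2, 4, 0); qualifiers ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def read_property(properties_text, key):
    """Last value assigned to key in simple Java .properties text, else None."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()
    return value


def assess(version_text, properties_text=""):
    """Classify one deployment against the conditions stated in the advisory."""
    v = parse_version(version_text)
    if v < (0, 8, 0) or v > LAST_AFFECTED:
        return "outside the listed affected range"
    if v < (2, 0, 0):
        return "affected: upgrade to 2.5.0"
    flag = read_property(properties_text, FLAG)
    # Assumption: the value is read case-insensitively, so "FALSE" also counts.
    if flag is not None and flag.lower() == "false":
        return "affected: non-default traversal=false is set; upgrade to 2.5.0"
    return "in range, flag not set to false; upgrade to 2.5.0"


if __name__ == "__main__":
    sample = "# constructed sample\natlas.dsl.executor.traversal = false\n"
    for ver, props in [("1.1.0", ""), ("2.3.0", sample), ("2.3.0", ""), ("2.5.0", sample)]:
        print(ver, "->", assess(ver, props))
```

Every result for a version in the affected range still ends in the advisory's recommendation, since the configuration flag only narrows which 2.x deployments are exposed.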