oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin

From: Imba Jin <jin () apache org>
Date: Mon, 22 Apr 2024 15:37:38 +0800
Severity: important

Affected versions:

- Apache HugeGraph-Server 1.0.0 before 1.3.0

Description:

RCE-Remote Command Execution vulnerability in Apache
HugeGraph-Server.This issue affects Apache HugeGraph-Server: from
1.0.0 before 1.3.0 in Java8 & Java11

Users are recommended to upgrade to version 1.3.0 with Java11 & enable
the Auth system, which fixes the issue.

Also you could enable the "Whitelist-IP/port" function to improve the
security of RESTful-API execution

Credit:

6right of moresec (reporter)

References:

https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
https://hugegraph.apache.org/docs/download/download/
https://www.cve.org/CVERecord?id=CVE-2024-27348
Previous By Date Next
Previous By Thread Next

Current thread: