Lucene search
GitHub Advisory DatabaseGHSA-29RC-VQ7F-X335HistoryApr 22, 2024 - 3:30 p.m.
Apache HugeGraph-Server: Command execution in gremlin
2024-04-2215:30:41
CWE-77
GitHub Advisory Database
github.com
31
apache hugegraph-server
rce vulnerability
versions 1.0.0 to 1.3.0
upgrade
version 1.3.0
java11
auth system
fix
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11
Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
Affected configurations
Node
org.apache.hugegraph\hugegraphMatchcore
ORorg.apache.hugegraph\hugegraphMatchapi
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.hugegraph:hugegraph-core | lt | 1.3.0 | |
| org.apache.hugegraph:hugegraph-api | lt | 1.3.0 |
References
www.openwall.com/lists/oss-security/2024/04/22/3
github.com/advisories/GHSA-29rc-vq7f-x335
github.com/apache/incubator-hugegraph/commit/713d88d1fd9953c3c3e3f130389501910ba40e1d
hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
nvd.nist.gov/vuln/detail/CVE-2024-27348
Related
nvd
nvd
CVE-2024-27348
2024-04-22 14:15:07
cve
cve
CVE-2024-27348
2024-04-22 14:15:07
osv
osv
Apache HugeGraph-Server: Command execution in gremlin
2024-04-22 15:30:41
githubexploit
githubexploit
Exploit for CVE-2024-27348
2024-06-03 19:08:24
Exploit for CVE-2024-27348
2024-05-31 20:11:37
Exploit for CVE-2024-27348
2024-06-12 08:14:39
nuclei
nuclei
Apache HugeGraph-Server - Remote Command Execution
2024-06-02 18:33:37
veracode
veracode
Remote Code Execution
2024-04-23 08:00:00
cvelist
cvelist
CVE-2024-27348 Apache HugeGraph-Server: Command execution in gremlin
2024-04-22 14:08:06