org.apache.hugegraph:hugegraph-api and org.apache.hugegraph:hugegraph-core are vulnerable to Remote Code Execution.The vulnerability is due to improper input validation, allowing attackers to execute arbitrary commands remotely. This vulnerability is observed in Java8 and Java11.
CPE | Name | Operator | Version |
---|---|---|---|
hugegraph-api | le | 1.2.0 | |
hugegraph-core | le | 1.2.0 | |
hugegraph-api | le | 1.2.0 | |
hugegraph-core | le | 1.2.0 |
www.openwall.com/lists/oss-security/2024/04/22/3
github.com/advisories/GHSA-29rc-vq7f-x335
github.com/apache/incubator-hugegraph/commit/713d88d1fd9953c3c3e3f130389501910ba40e1d
hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9