Lucene search
Veracode Vulnerability DatabaseVERACODE:46588HistoryApr 23, 2024 - 8:00 a.m.
Remote Code Execution
2024-04-2308:00:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
remote code execution
org.apache.hugegraph
input validation
java8
java11
vulnerability
org.apache.hugegraph:hugegraph-api and org.apache.hugegraph:hugegraph-core are vulnerable to Remote Code Execution.The vulnerability is due to improper input validation, allowing attackers to execute arbitrary commands remotely. This vulnerability is observed in Java8 and Java11.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hugegraph-api | le | 1.2.0 | |
| hugegraph-core | le | 1.2.0 | |
| hugegraph-api | le | 1.2.0 | |
| hugegraph-core | le | 1.2.0 |
References
www.openwall.com/lists/oss-security/2024/04/22/3
github.com/advisories/GHSA-29rc-vq7f-x335
github.com/apache/incubator-hugegraph/commit/713d88d1fd9953c3c3e3f130389501910ba40e1d
hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
Related
nvd
nvd
CVE-2024-27348
2024-04-22 14:15:07
cve
cve
CVE-2024-27348
2024-04-22 14:15:07
osv
osv
Apache HugeGraph-Server: Command execution in gremlin
2024-04-22 15:30:41
githubexploit
githubexploit
Exploit for CVE-2024-27348
2024-06-03 19:08:24
Exploit for CVE-2024-27348
2024-05-31 20:11:37
Exploit for CVE-2024-27348
2024-06-12 08:14:39
nuclei
nuclei
Apache HugeGraph-Server - Remote Command Execution
2024-06-02 18:33:37
cvelist
cvelist
CVE-2024-27348 Apache HugeGraph-Server: Command execution in gremlin
2024-04-22 14:08:06
github
github
Apache HugeGraph-Server: Command execution in gremlin
2024-04-22 15:30:41