[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin
From: Imba Jin <jin () apache ! org>
Date: 2024-04-22 7:37:38
Message-ID: CA+th4MLqu7Fb+XM_RZxBcFMJJAnhoPqKWMMmWGCCg1j_YA2x8A () mail ! gmail ! com
[Download RAW message or body]
Severity: important
Affected versions:
- Apache HugeGraph-Server 1.0.0 before 1.3.0
Description:
RCE-Remote Command Execution vulnerability in Apache
HugeGraph-Server.This issue affects Apache HugeGraph-Server: from
1.0.0 before 1.3.0 in Java8 & Java11
Users are recommended to upgrade to version 1.3.0 with Java11 & enable
the Auth system, which fixes the issue.
Also you could enable the "Whitelist-IP/port" function to improve the
security of RESTful-API execution
Credit:
6right of moresec (reporter)
References:
https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
https://hugegraph.apache.org/docs/download/download/
https://www.cve.org/CVERecord?id=CVE-2024-27348
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic