Let's wait on your 2 AI-PRP submissions before we take a decision on this one.
Cheers, ~tooryx
tooryx added the "Contributor queue" label on Sep 4, 2024 (label description: when a contributor already has one issue/PR in review, we put the following ones on hold with this).
Hi Team,
I would like to implement a plugin to detect CVE-2024-27348 which is related to Apache HugeGraph.
Details:
https://nvd.nist.gov/vuln/detail/CVE-2024-27348
GHSA-29rc-vq7f-x335
Repository: https://github.com/apache/incubator-hugegraph/
Details:
An RCE (Remote Command Execution) vulnerability has been identified in Apache HugeGraph Server, affecting versions from 1.0.0 up to, but not including, 1.3.0 in both Java 8 and Java 11 environments. By default, the Gremlin API has authentication disabled, which allows an attacker to make API requests and execute RCE.
Users are strongly advised to upgrade to version 1.3.0 with Java 11 and enable the authentication system to mitigate this vulnerability.
A POC has already been released on GitHub: CVE-2024-27348 Scanner