CVE
CVE-2024-27348
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11Users are recommended to upgrade to version...
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11
Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
9.8
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
C
H
U
-
Related Resources
No items found.
References
https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27348, http://www.openwall.com/lists/oss-security/2024/04/22/3, https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9, https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-apache-hugegraph-server-cve-2024-27348
Basic Information
Ecosystem
