CVE

GHSA-29rc-vq7f-x335

Apache HugeGraph-Server: Command execution in gremlin

CVE

GHSA-29rc-vq7f-x335

Apache HugeGraph-Server: Command execution in gremlin

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11

Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

9.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

9.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-27348, https://github.com/apache/incubator-hugegraph/commit/713d88d1fd9953c3c3e3f130389501910ba40e1d, https://github.com/apache/incubator-hugegraph, https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication, https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-27348, https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-apache-hugegraph-server-cve-2024-27348, http://www.openwall.com/lists/oss-security/2024/04/22/3

Severity

9.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

0.94344%

EPSS Percentile

0.99953%

Introduced Version

1.0.0

Fix Available

1.3.0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

GHSA-29rc-vq7f-x335