Headline
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are
Vulnerability / Data Security
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.
Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.
“Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue,” the Apache Software Foundation noted in late April 2024. “Also you could enable the ‘Whitelist-IP/port’ function to improve the security of RESTful-API execution.”
Additional technical specifics about the flaw were released by penetration testing company SecureLayer7 in early June, stating it enables an attacker to bypass sandbox restrictions and achieve code execution, giving them complete control over a susceptible server.
This week, the Shadowserver Foundation said it spotted in-the-wild exploitation attempts that leverage the flaw, making it imperative that users move quickly to apply the latest fixes.
“We are observing Apache HugeGraph-Server CVE-2024-27348 RCE ‘POST /gremlin’ exploitation attempts from multiple sources,” it said. "[Proof-of-concept] code is public since early June. If you run HugeGraph, make sure to update."
Vulnerabilities discovered in Apache projects have been lucrative attack vectors for the nation-state and financially motivated threat actors in recent years, with flaws in Log4j, ActiveMQ, and RocketMQ coming under heavy exploitation to infiltrate target environments.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers.
Aqua Nautilus researchers have discovered a campaign powering a series of large-scale DDoS attacks launched by Matrix, which…
GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass. The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week. The
This Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server.
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.