Critical flaw reported in Apache HugeGraph-Server
Take action: If you are running Apache HugeGraph-Server, plan a quick patch. A graph server is very probably exposed on the internet by design, so isolation may work if you can pull it off. But definitely plan to patch.
Learn More
A critical vulnerability has been identified in Apache HugeGraph-Server allowing unauthorized system access.
The flaw is tracked as CVE-2024-43441 (CVSS score 9.8). This vulnerability involves improper handling of JWT tokens that could enable authentication bypass.
Affected versions: Apache HugeGraph-Server 1.0 through 1.3 (prior to 1.5.0).
Apache has patched this vulnerability in HugeGraph-Server version 1.5.0. Users should upgrade immediately as no workarounds are available.
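As an added example (not code from the HugeGraph project or from the advisory above), the following Python checker turns the version range stated here, 1.0 up to but not including the fixed 1.5.0, into something you can run against the version strings your inventory reports. The JSON shape in `assess_version_response` (a `versions` object with a `core` field) is an assumption for this example, and the sample documents are constructed, not captured from a real server. Pre-release builds of the fixed version (for example `1.5.0-rc1`) are treated conservatively as still affected.

```python
"""Classify Apache HugeGraph-Server version strings against the range the
advisory gives for CVE-2024-43441: affected from 1.0, fixed in 1.5.0.
Added example code; it is not part of the HugeGraph project."""
import json
import re

# Comparable tuples: (major, minor, patch, final) where final is 0 for a
# pre-release build and 1 for a final release, so "1.5.0-rc1" sorts before "1.5.0".
AFFECTED_MIN = (1, 0, 0, 0)   # advisory: affected from 1.0
FIXED_IN = (1, 5, 0, 1)       # advisory: fixed in 1.5.0 (final release)

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?$")


def parse_version(text):
    """Turn '1.3.0', 'v1.0' or '1.5.0-SNAPSHOT' into a comparable tuple.

    A missing patch component counts as 0. Any '-suffix' marks a pre-release,
    which is ranked below the final release with the same number."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, prerelease = match.groups()
    return (int(major), int(minor), int(patch or 0), 0 if prerelease else 1)


def is_affected(text):
    """True when the version lies in [1.0, 1.5.0) as stated by the advisory."""
    version = parse_version(text)
    return AFFECTED_MIN <= version < FIXED_IN


def assess_version_response(body):
    """Extract the server version from a JSON document and classify it.

    The key path versions -> core is an assumption for this example; adjust it
    to whatever your deployment's version endpoint actually returns."""
    doc = json.loads(body)
    core = doc["versions"]["core"]
    return {"version": core, "affected": is_affected(core)}


# Constructed sample responses (not captured from a real server).
SAMPLE_OLD = '{"versions": {"version": "v1", "core": "1.3.0", "gremlin": "3.5.1", "api": "0.69.0"}}'
SAMPLE_FIXED = '{"versions": {"version": "v1", "core": "1.5.0", "gremlin": "3.5.1", "api": "0.71.0"}}'

if __name__ == "__main__":
    for body in (SAMPLE_OLD, SAMPLE_FIXED):
        print(assess_version_response(body))
```

Feed `is_affected` the version string each host reports and treat any `True` as a host that needs the 1.5.0 upgrade; since the advisory lists no workaround, the version check is the only meaningful state to track.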