Security researchers warn that a critical Apache HugeGraph vulnerability is under active attack
Take action: If you run Apache HugeGraph, move quickly. Exploitation is already under way, so either cut your HugeGraph Server off from the internet or patch as soon as possible. Preferably both.
The Shadowserver foundation is warning that a remote code execution vulnerability in Apache HugeGraph Server, tracked as CVE-2024-27348, has been actively targeted by threat actors.
HugeGraph is an open-source graph database that runs in Java 8 and Java 11 environments and is used to build applications and products on top of graph data.
The flaw affects Apache HugeGraph Server versions 1.0.0 up to, but not including, 1.3.0 on Java 8 and Java 11. It lets an attacker bypass the server's sandbox restrictions and execute arbitrary code remotely through the Gremlin query language, which the server exposes for querying the graph.
According to the Shadowserver Foundation, exploitation attempts were observed starting June 6, 2024, with a significant increase reported around June 20, 2024. Attempts peaked between June 29 and July 6, 2024, with several thousand attempts recorded on some days.
Researchers from SecureLayer7 noted that the bug lets attackers reach and manipulate methods that should be off limits, ultimately bypassing the server's security checks. The result is execution of arbitrary commands on the server, giving the attacker full control of the host.
Users running affected versions of HugeGraph Server should upgrade to version 1.3.0 running on Java 11 and enable the Auth system, so that the Gremlin endpoint is no longer reachable by unauthenticated clients. Until the upgrade is done, keep the server off the public internet.
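To turn the advice above into something you can run across an inventory, the following triage script is an added example; it is not code from the article, from Shadowserver, SecureLayer7 or the HugeGraph project. It assumes the HugeGraph REST API's GET /versions endpoint returns JSON of the shape shown in the constructed sample (with the server version under "versions" -> "core"), that POST /gremlin is the Gremlin endpoint, that a server with the Auth system enabled answers an unauthenticated Gremlin request with 401 or 403, and that the default listening port is 8080. The affected range it checks is the one the article gives: 1.0.0 up to but not including 1.3.0.

```python
"""Triage helper for CVE-2024-27348 exposure.

Added example, not from the article or the HugeGraph project. Assumptions are
marked in the comments; verify them against your own deployment.
"""
import json
import re
from http.client import HTTPConnection

# Affected range as stated in the article: 1.0.0 <= core version < 1.3.0
FIRST_AFFECTED = (1, 0, 0)
FIXED_VERSION = (1, 3, 0)


def parse_version(text):
    """Turn "1.2.0" or "v1.2.0" into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(core_version):
    """True if the server build falls inside the vulnerable range."""
    return FIRST_AFFECTED <= parse_version(core_version) < FIXED_VERSION


def core_version_from_versions_response(body):
    """Extract the server version from the body of GET /versions.

    Assumed response shape (HugeGraph REST API):
    {"versions": {"version": "v1", "core": "1.2.0", "gremlin": "...", "api": "..."}}
    """
    return json.loads(body)["versions"]["core"]


def classify_gremlin_probe(status):
    """Interpret the HTTP status of an unauthenticated POST /gremlin.

    Assumption: with the Auth system enabled the server rejects the request
    with 401/403; with auth disabled it executes the script and returns 200.
    """
    if status in (401, 403):
        return "auth-enforced"
    if status == 200:
        return "anonymous-execution"
    return "unknown"


def assess(versions_body, gremlin_status):
    """Combine build version and auth posture into one verdict."""
    core = core_version_from_versions_response(versions_body)
    affected = is_affected_version(core)
    auth = classify_gremlin_probe(gremlin_status)
    if affected and auth == "anonymous-execution":
        verdict = "CRITICAL: unpatched build and unauthenticated Gremlin endpoint reachable"
    elif affected:
        verdict = "HIGH: unpatched build; auth limits exposure but upgrade to 1.3.0"
    elif auth == "anonymous-execution":
        verdict = "MEDIUM: patched build but Gremlin accepts anonymous scripts; enable Auth"
    else:
        verdict = "OK: patched build with auth enforced"
    return {"core": core, "affected_version": affected, "gremlin": auth, "verdict": verdict}


def probe_live(host, port=8080, timeout=5):
    """Run the two checks against a real server (not exercised by the sample below).

    The Gremlin script sent is a harmless read-only traversal; only the HTTP
    status is used, never the query result.
    """
    conn = HTTPConnection(host, port, timeout=timeout)
    conn.request("GET", "/versions")
    resp = conn.getresponse()
    versions_body = resp.read().decode()
    payload = json.dumps({"gremlin": "g.V().limit(1)", "bindings": {},
                          "language": "gremlin-groovy", "aliases": {}})
    conn.request("POST", "/gremlin", body=payload,
                 headers={"Content-Type": "application/json"})
    status = conn.getresponse().status
    conn.close()
    return assess(versions_body, status)


# Constructed sample: the /versions body an unpatched server might return,
# paired with a 200 from an unauthenticated Gremlin request (auth disabled).
SAMPLE_VERSIONS_BODY = (
    '{"versions":{"version":"v1","core":"1.2.0","gremlin":"3.5.1","api":"0.69.0.0"}}'
)

if __name__ == "__main__":
    print(assess(SAMPLE_VERSIONS_BODY, 200))
```

Run `probe_live("graph.internal")` against each host you own; anything that comes back CRITICAL is both unpatched and reachable without credentials and should be taken off the network before anything else. The version check alone is not enough: a 1.3.0 build that still accepts anonymous Gremlin scripts is flagged separately so the Auth system gets enabled as the advisory asks.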