This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

🔊 Web Growth Summit is here! Learn from industry experts on July 17-18, 2024. REGISTER NOW→

POC Exploit Code Published for Critical Apache HugeGraph RCE Vulnerability

Updated on June 7, 2024

2 Min Read
POC Exploit Code Critical Apache HugeGraph RCE Vulnerability


If you haven’t upgraded to version 1.3.0 of Apache HugeGraph, now is the time. At least two proof-of-concept (POC) exploits for a CVSS 9.8-rated remote command execution (RCE) vulnerability in the open-source graph database have been made public.

Apache HugeGraph is widely used by developers to build applications based on graph databases, commonly in Java 8 and Java 11 environments.

In late April, the Apache Software Foundation disclosed a critical vulnerability, identified as CVE-2024-27348, in versions of HugeGraph-Server before the 1.3.0 release. The exploit code for this vulnerability is now available on GitHub.

The CVE-2024-27348 flaw can be exploited to bypass sandbox restrictions and achieve remote code execution by using specially crafted Gremlin commands that take advantage of missing reflection filtering in the SecurityManager.

via GIPHY

SecureLayer7, a penetration testing firm, has provided a detailed analysis of the CVE, emphasizing the urgency for administrators to address this issue. If exploited, the flaw allows attackers to gain complete control over the server, steal confidential data, explore the victim organization’s internal network, deploy ransomware, and conduct other malicious activities.

In April, the open-source project urged users to upgrade to version 1.3.0 with Java 11 and enable the Auth system to mitigate the vulnerability. Apache credited “6right” from Chinese cloud security vendor Moresec for discovering and reporting the flaw. Additionally, project maintainers recommended enabling the “Whitelist-IP/port” function to enhance the security of RESTful-API execution.

via GIPHY

Two notable POC exploits have been released: one by bug bounty hunter Milan Jovic, which allows unauthenticated users to execute OS commands on vulnerable versions, and another by developer Zeyad Azima, who released a Python scanner intended for ethical use to identify vulnerable HugeGraph implementations.

Given the widespread use of Apache HugeGraph and the severity of this flaw, it’s crucial to upgrade to the fixed version as soon as possible. The urgency is heightened by the release of these POC exploits, which could be abused by malicious actors.

Share your opinion in the comment section. COMMENT NOW

Share This Article

Start Growing with Cloudways Today.

Our Clients Love us because we never compromise on these

Abdul Rehman

Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.

×

Thankyou for Subscribing Us!

×

Webinar: How to Get 100% Scores on Core Web Vitals

Join Joe Williams & Aleksandar Savkovic on 29th of March, 2021.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Want to Experience the Cloudways Platform in Its Full Glory?

Take a FREE guided tour of Cloudways and see for yourself how easily you can manage your server & apps on the leading cloud-hosting platform.

Start my tour

CYBER WEEK SAVINGS

  • 0

    Days

  • 0

    Hours

  • 0

    Mints

  • 0

    Sec

GET OFFER

For 4 Months &
40 Free Migrations

For 4 Months &
40 Free Migrations

Upgrade Now