Exploits for the Apache HugeGraph vulnerability are freely available

Tomcat

Administrators need to update immediately, as exploits only increase the risk of losing control of the server and data.

SecureLayer7 specialists have published a detailed analysis of the vulnerability in the popular Apache HugeGraph graph database that allows remote code execution (RCE).

CVE-2024-27348 (CVSS score: 9.8) affects HugeGraph-Server versions 1.0.0 through 1.3.0. Exploitation works by bypassing sandbox restrictions and executing remote code using specially crafted Gremlin commands.

The Gremlin commands abuse flaws in the reflection filtering of the SecurityManager, which allows attackers to gain full control of the server. The attack opens up the possibility of stealing confidential data, reconnaissance of the internal network, deploying ransomware, and other malicious activity.

Apache HugeGraph allows developers to build applications based on graph databases and is commonly used in Java 8 and Java 11 environments. The discovered vulnerability threatens many organizations that use Apache HugeGraph.

In April, when the problem was first disclosed, the Apache Software Foundation strongly recommended that users upgrade to version 1.3.0 and enable authentication to fix the flaw. To further increase security, it also recommended enabling the "Whitelist-IP/port" feature, which improves the security of RESTful API execution.

Since PoC exploits became available, the probability of the bug being exploited has increased significantly. One of the exploits, provided by bug hunter Milan Jovic, allows an unauthenticated attacker to execute commands on vulnerable versions. Another developer, Zayad Azima, has released a Python scanner that, while designed for ethical purposes, also makes it easier to find vulnerable HugeGraph deployments.

Given the widespread use of Apache HugeGraph and the severity of CVE-2024-27348, upgrading to version 1.3.0 is urgent. If your project has not yet been updated to version 1.3.0, do so immediately to protect your data and infrastructure from possible attacks.