RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11
Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/04/22/3 | Mailing List Third Party Advisory |
https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication | Product |
https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 | Mailing List Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/04/22/3 | Mailing List Third Party Advisory |
https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication | Product |
https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 | Mailing List Vendor Advisory |
https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-apache-hugegraph-server-cve-2024-27348 |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 09:04
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () http://www.openwall.com/lists/oss-security/2024/04/22/3 - Mailing List, Third Party Advisory | |
References | () https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication - Product | |
References | () https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 - Mailing List, Vendor Advisory |
19 Sep 2024, 19:55
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | () http://www.openwall.com/lists/oss-security/2024/04/22/3 - Mailing List, Third Party Advisory | |
References | () https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication - Product | |
References | () https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 - Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:oracle:jdk:11:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:8:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:11:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdk:8:*:*:*:*:*:*:* cpe:2.3:a:apache:hugegraph:*:*:*:*:*:*:*:* |
|
First Time |
Oracle jre
Oracle Apache hugegraph Apache Oracle jdk |
01 Aug 2024, 13:48
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-284 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
01 May 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
22 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-22 14:15
Updated : 2024-11-21 09:04
NVD link : CVE-2024-27348
Mitre link : CVE-2024-27348
CVE.ORG link : CVE-2024-27348
JSON object : View
Products Affected
apache
- hugegraph
oracle
- jdk
- jre
CWE