CVE-2024-27348

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:apache:hugegraph:*:*:*:*:*:*:*:*
OR cpe:2.3:a:oracle:jdk:8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11:*:*:*:*:*:*:*

History

21 Nov 2024, 09:04

Type Values Removed Values Added
References
  • () https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-apache-hugegraph-server-cve-2024-27348 -
References () http://www.openwall.com/lists/oss-security/2024/04/22/3 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2024/04/22/3 - Mailing List, Third Party Advisory
References () https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication - Product () https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication - Product
References () https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 - Mailing List, Vendor Advisory () https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 - Mailing List, Vendor Advisory

19 Sep 2024, 19:55

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () http://www.openwall.com/lists/oss-security/2024/04/22/3 - () http://www.openwall.com/lists/oss-security/2024/04/22/3 - Mailing List, Third Party Advisory
References () https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication - () https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication - Product
References () https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 - () https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 - Mailing List, Vendor Advisory
CPE cpe:2.3:a:oracle:jdk:11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:8:*:*:*:*:*:*:*
cpe:2.3:a:apache:hugegraph:*:*:*:*:*:*:*:*
First Time Oracle jre
Oracle
Apache hugegraph
Apache
Oracle jdk

01 Aug 2024, 13:48

Type Values Removed Values Added
CWE CWE-284
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

01 May 2024, 17:15

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de ejecución remota de comandos RCE en Apache HugeGraph-Server. Este problema afecta a Apache HugeGraph-Server: desde 1.0.0 antes de 1.3.0 en Java8 y Java11. Se recomienda a los usuarios actualizar a la versión 1.3.0 con Java11 y habilitar el sistema de autenticación lo que soluciona el problema.
References
  • () http://www.openwall.com/lists/oss-security/2024/04/22/3 -

22 Apr 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-22 14:15

Updated : 2024-11-21 09:04


NVD link : CVE-2024-27348

Mitre link : CVE-2024-27348

CVE.ORG link : CVE-2024-27348


JSON object : View

Products Affected

apache

  • hugegraph

oracle

  • jdk
  • jre
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control