Apache HugeGraph: CVE-2024-27348: Improper Access Control
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Apr 22, 2024 | Jul 19, 2024 | Mar 25, 2026 |
Description
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 and Java11.
Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue.
Solution
apache-hugegraph-upgrade-latest
References
- CWE-284
- CVE-2024-27348
- https://attackerkb.com/topics/CVE-2024-27348
- http://www.openwall.com/lists/oss-security/2024/04/22/3
- https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
- https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-1059