AI description
CVE-2024-27348 is a Remote Command Execution (RCE) vulnerability affecting Apache HugeGraph-Server versions from 1.0.0 up to, but not including, 1.3.0, in both Java 8 and Java 11 environments. The vulnerability lies in how Apache HugeGraph-Server handles user input in Gremlin queries. This flaw allows attackers to send specially crafted Gremlin queries that abuse the GremlinGroovyScriptEngine class to execute arbitrary OS commands. Successful exploitation could lead to unauthorized access, data manipulation, and complete system compromise.
- Description
- RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache HugeGraph-Server Improper Access Control Vulnerability
- Exploit added on
- Sep 18, 2024
- Exploit action due
- Oct 9, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- CWE source: nvd@nist.gov
- NVD-CWE-noinfo
- CWE source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-284
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 14
🚨CVE-2024-27348: RCE in Apache HugeGraph Server Credit: https://t.co/fzMNST8G4m https://t.co/bWH8c6YyOI
@DarkWebInformer
13 Jul 2025
5072 Impressions
5 Retweets
41 Likes
22 Bookmarks
1 Reply
0 Quotes
The most severe RCE vulnerability (CVE-2024-27348) has been discovered in Parquet, the data format everyone is talking about right now. Companies and governments using Hadoop or Spark need to watch out! The entire supply chain needs to be reviewed. https://t.co/kViuSiRd1Y
@techandeco4242
7 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new, very short thread in the series of accessibility threads, which is now expanding to making "CVE's" accessible too. Today I'll start with a simple one and talk about CVE-2024-27348, a vulnerability in the Apache HugeGraph database that was published about seven months ago and allows remote code execution through the database's API. What exactly happened there? Let's dive in 🧵 >> https://t.c
@kodkodcyber
20 Jan 2025
2122 Impressions
0 Retweets
13 Likes
2 Bookmarks
1 Reply
0 Quotes
🔴 Apache HugeGraph-Server RCE Vulnerability (#CVE-2024-27348): Critical #Update Required https://t.co/AYcoMKrSOF
@dailycve
16 Dec 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
```json
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:hugegraph:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DDD7AA3-3439-48D7-B24B-1D9D31B284BD",
            "versionEndExcluding": "1.3.0",
            "versionStartIncluding": "1.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
```