CVE-2024-27348
Published Apr 22, 2024
Last updated 6 months ago
AI description
CVE-2024-27348 is a Remote Command Execution (RCE) vulnerability affecting Apache HugeGraph-Server versions 1.0.0 to before 1.3.0, in both Java 8 and Java 11 environments. The vulnerability lies in how Apache HugeGraph-Server handles user inputs in Gremlin queries. This flaw allows attackers to send specially crafted Gremlin queries that exploit the GremlinGroovyScriptEngine class to execute arbitrary OS commands. Successful exploitation could lead to unauthorized access, data manipulation, and complete system compromise.
- Description
- RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- hugegraph
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache HugeGraph-Server Improper Access Control Vulnerability
- Exploit added on
- Sep 18, 2024
- Exploit action due
- Oct 9, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Weakness enumeration
- nvd@nist.gov: NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284
- Hype score
- Not currently trending
🚀 CVE-2024-27348 | Advanced Apache HugeGraph RCE Exploit (Professional PoC) From Scratch in Python 🤟🏻 Advanced and professional exploit. Here's a link to the YouTube video. https://t.co/2e23FEzcW2… Please subscribe for more CVEs and bug bounty tips. https://t.co/2e23FE
@Z3R0NYX
10 Aug 2025
229 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2024-27348: RCE in Apache HugeGraph Server Credit: https://t.co/fzMNST8G4m https://t.co/bWH8c6YyOI
@DarkWebInformer
13 Jul 2025
5072 Impressions
5 Retweets
41 Likes
22 Bookmarks
1 Reply
0 Quotes
The most serious RCE vulnerability (CVE-2024-27348) has been found in Parquet, the data format everyone is talking about right now. Companies and governments using Hadoop or Spark need to be careful! The entire supply chain needs to be reviewed https://t.co/kViuSiRd1Y
@techandeco4242
7 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new very short thread in the accessibility thread series, which is now expanding to making "CVEs" accessible too. Today I'll start with the simple one and talk about CVE-2024-27348, a vulnerability in the Apache HugeGraph database published about seven months ago that allows remote code execution through the database's API. What exactly happened there? Let's dive in 🧵 >> https://t.c
@kodkodcyber
20 Jan 2025
2122 Impressions
0 Retweets
13 Likes
2 Bookmarks
1 Reply
0 Quotes
🔴 Apache HugeGraph-Server RCE Vulnerability (#CVE-2024-27348): Critical #Update Required https://t.co/AYcoMKrSOF
@dailycve
16 Dec 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:hugegraph:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5DDD7AA3-3439-48D7-B24B-1D9D31B284BD",
"versionEndExcluding": "1.3.0",
"versionStartIncluding": "1.0.0"
}
],
"operator": "OR"
}
]
}
]