Patch now! Exploit for critical Apache HugeGraph vulnerability in circulation

For security reasons, admins should quickly update the HugeGraph tool from Apache for creating diagrams.

(Image: Artur Szczybylo/Shutterstock.com)

Jun 7, 2024 at 8:08 pm CEST

1 min. read

Security

By

Dennis Schirrmacher

This article was originally published in German and has been automatically translated.

Apache HugeGraph can be attacked via a "critical" vulnerability. If attacks are successful, attackers can execute malicious code and gain full control of systems. As exploit code is now in circulation, attacks may be imminent.

The vulnerability (CVE-2024-27348) has been known since April of this year. It specifically affects HugeGraph servers from version 1.0.0 in a Java 8 and Java 11 environment. The developers claim to have closed the gap in version 1.3.0.

Attacks should be possible remotely without authentication. Attackers must use prepared Gremlin commands to break out of the sandbox and execute their own code. Security researchers from SecureLayer7 have analyzed the vulnerability in detail.

(des)

Back to top

Alle Angebote

Newsletter heise-Bot Push Push-Nachrichten

${intro} ${title}

${intro} ${title}

Patch now! Exploit for critical Apache HugeGraph vulnerability in circulation

Spiele

1 Monat gratis lesen.Jetzt 1 Monat gratis lesen.

Das digitale Abo für IT und Technik.