Security experts are warning that a “critical severity” Apache HugeGraph vulnerability is being actively exploited, and users are urged to upgrade immediately.
The Apache Software Foundation revealed in April that a remote command execution vulnerability impacts all versions of Apache HugeGraph-Server prior to 1.3.0.
Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
As noted by The Hacker News, cybersecurity firm SecureLayer7 provided details on the exploit, including how dangerous it is.
CVE-2024-27348 is a Remote Code Execution (RCE) vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server. This CVE scored 9.8 on the CVSS base scale.
During this analysis, we learned how the vulnerability allows attackers to bypass sandbox restrictions and achieve RCE via Gremlin by exploiting missing reflection filtering in the SecurityManager. This allowed us to access and manipulate various methods, ultimately enabling us to change the task/thread name to bypass all security checks. It was patched by filtering critical system classes and adding new security checks in HugeSecurityManager.
The Shadowserver Foundation, a nonprofit cybersecurity organization, said on its Mastodon account that it is observing active attempts to exploit the HugeGraph vulnerability.
We are observing Apache HugeGraph-Server CVE-2024-27348 RCE “POST /gremlin” exploitation attempts from multiple sources. PoC code is public since early June. If you run HugeGraph, make sure to update: https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2
The Shadowserver Foundation | July 16, 2024
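As an added, defender-side illustration (not code from the article, Shadowserver, or the HugeGraph project): a small Python triage script that parses constructed access-log lines from a proxy in front of HugeGraph-Server, tallies POST /gremlin requests per source, separates requests the endpoint accepted (2xx) from ones the Auth system rejected (401/403), and checks whether a reported server version predates the 1.3.0 fix. The log lines, addresses and version strings are constructed samples.

```python
import re
from collections import Counter

# Constructed sample lines in combined log format from a reverse proxy in front of
# HugeGraph-Server. The addresses are documentation ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [16/Jul/2024:09:12:01 +0000] "POST /gremlin HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.10 - - [16/Jul/2024:09:12:03 +0000] "POST /gremlin HTTP/1.1" 200 498 "-" "python-requests/2.31"
198.51.100.7 - - [16/Jul/2024:09:13:44 +0000] "POST /gremlin HTTP/1.1" 401 87 "-" "curl/8.4.0"
192.0.2.25 - - [16/Jul/2024:09:14:10 +0000] "GET /graphs HTTP/1.1" 200 231 "-" "Mozilla/5.0"
203.0.113.10 - - [16/Jul/2024:09:15:00 +0000] "GET /versions HTTP/1.1" 200 77 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def gremlin_activity(log_text):
    """Tally POST /gremlin requests per source and split sources into those the
    endpoint accepted (2xx) and those the Auth system rejected (401/403)."""
    per_source, accepted, rejected = Counter(), set(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["method"] != "POST":
            continue
        if rec["path"].split("?", 1)[0] != "/gremlin":
            continue
        per_source[rec["ip"]] += 1
        if 200 <= rec["status"] < 300:
            accepted.add(rec["ip"])
        elif rec["status"] in (401, 403):
            rejected.add(rec["ip"])
    return {"per_source": dict(per_source), "accepted": accepted, "rejected": rejected}

def is_unpatched(version):
    """True if a reported HugeGraph-Server version is below 1.3.0, the fixed release."""
    nums = [int(x) for x in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums) < (1, 3, 0)
```

A source that shows up in `accepted` is one whose Gremlin requests went through without an authentication rejection; on a pre-1.3.0 server, or one where the Auth system is not enabled, that is the traffic to investigate first.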
Needless to say, users and organizations should update immediately to protect themselves against this exploit.