Severity: important Affected versions:
- Apache HugeGraph-Server 1.0.0 before 1.3.0 Description: RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. Also you could enable the "Whitelist-IP/port" function to improve the security of RESTful-API execution Credit: 6right of moresec (reporter) References: https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication https://hugegraph.apache.org/docs/download/download/ https://www.cve.org/CVERecord?id=CVE-2024-27348
