
Critical Apache HugeGraph vulnerability under attack

July 17, 2024 | Press release | Security gaps / data security

Threat actors are actively exploiting a recently disclosed critical vulnerability in the Apache HugeGraph server that could lead to remote code execution attacks.

Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability affects all versions of the software prior to 1.3.0. It is described as a remote command execution flaw in the Gremlin Graph Traversal Language API.

“Users are advised to upgrade to version 1.3.0 with Java11 and enable the Auth system, which will resolve the issue,” the Apache Software Foundation noted in late April 2024. “You can also enable the ‘Whitelist IP/Port’ feature to improve the security of RESTful API execution.”


In early June, penetration testing firm SecureLayer7 released more technical details about the vulnerability, saying it allows attackers to bypass sandbox restrictions and execute code, giving them complete control over a vulnerable server.

This week, the Shadowserver Foundation said it had discovered attack attempts in the wild that exploit the vulnerability, making it urgent for users to quickly apply the latest fixes.

“We are observing Apache HugeGraph server CVE-2024-27348 RCE ‘POST /gremlin’ exploit attempts from multiple sources,” it said. “(Proof-of-concept) code has been public since early June. If you are running HugeGraph, be sure to update.”
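Shadowserver's observation above is itself a useful detection hook: until a server is upgraded, unexpected `POST /gremlin` requests are the thing to watch for. The following is an added example, not code from the article, Apache or Shadowserver; it scans web-server access logs in the common Combined Log Format (an assumption about your proxy or server configuration) and flags Gremlin API calls from sources outside a hypothetical allowlist of known clients, mirroring the "Whitelist IP/Port" mitigation on the detection side.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Jul/2024:10:01:02 +0000] "POST /gremlin HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [17/Jul/2024:10:01:09 +0000] "POST /gremlin HTTP/1.1" 200 1024 "-" "curl/8.4.0"
198.51.100.23 - - [17/Jul/2024:10:02:11 +0000] "POST /gremlin?x=1 HTTP/1.1" 500 300 "-" "Go-http-client/1.1"
203.0.113.7 - - [17/Jul/2024:10:02:40 +0000] "GET /versions HTTP/1.1" 200 88 "-" "curl/8.4.0"
10.0.0.5 - - [17/Jul/2024:10:03:00 +0000] "GET /graphs HTTP/1.1" 200 240 "-" "python-requests/2.31"
"""

# One Combined Log Format line: client IP, timestamp, request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Hypothetical allowlist of hosts that legitimately call the Gremlin API.
TRUSTED_CLIENTS = {"10.0.0.5"}


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_gremlin_posts(log_text, trusted=TRUSTED_CLIENTS):
    """Return (suspect_records, per_source_counts) for POST /gremlin requests from untrusted IPs."""
    suspects = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the scan
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if rec["method"] == "POST" and path == "/gremlin" and rec["ip"] not in trusted:
            suspects.append(rec)
    counts = Counter(r["ip"] for r in suspects)
    return suspects, counts


if __name__ == "__main__":
    hits, by_source = find_gremlin_posts(SAMPLE_LOG)
    for rec in hits:
        print(f'{rec["ts"]} {rec["ip"]} {rec["method"]} {rec["path"]} -> {rec["status"]} ({rec["ua"]})')
    print("untrusted sources hitting /gremlin:", dict(by_source))
```

A hit here is a trigger for investigation, not proof of compromise; the fix remains upgrading to 1.3.0 and enabling authentication as the Apache advisory states.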

Vulnerabilities in Apache projects have proven to be a lucrative attack vector for both state-sponsored and financially motivated threat actors in recent years, with flaws in Log4j, ActiveMQ, and RocketMQ commonly exploited to penetrate target environments.
