Apache HugeGraph users told to patch immediately to stay safe from this dangerous bug

Hackers spotted trying to abuse an Apache HugeGraph bug

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Months after being patched, a vulnerability in the Apache HugeGraph-Server is being exploited to trigger remote code execution (RCE) on vulnerableendpoints.

Nonprofit security organization the Shadowserver Foundation sounded the alarm on Mastodon, noting, “We are observing Apache HugeGraph-Server CVE-2024-27348 RCE “POST /gremlin” exploitation attempts from multiple sources,” the warning reads. “PoC code is public since early June. If you run HugeGraph, make sure to update.”

The vulnerability Shadowserver Foundation is referring to is described as a remote command execution vulnerability in the Gremlin graph traversal language API. It carries a severity score of 9.8, and affects all versions of the software prior to 1.3.0.

What is Apache HugeGraph?

Version 1.3.0, which addresses the issue, was released in April 2024. Back then, the Apache Software Foundation urged its users toapply the patchand enable the Auth system. “Also you could enable the ‘Whitelist-IP/port’ function to improve the security of RESTful-API execution,” it said at the time.

Apache HugeGraph is an open source graph database system, supporting the storage and querying of billions of vertices and edges. Implemented with the Apache TinkerPop3 framework, it is fully compatible with the Gremlin query language, allowing for complex graph queries and analyses.

HugeGraph is suitable for various applications such as deep relationship exploration, association analysis, path search, feature extraction, data clustering, community detection, and knowledge graphs. It is used in fields like network security, telecommunications fraud detection, financial risk control, advertising recommendations, social networks, and intelligent robots.

HugeGraph-Server, or the other hand, is the core component of the Apache HugeGraph project, responsible for handling the storage, querying, and management of graph data. It is designed to efficiently manage and process large-scale graph data, supporting various backend storage engines and providing robust APIs for interacting with the data.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaTheHackerNews

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Windows PCs targeted by new malware hitting a vulnerable driver

Dangerous Android banking malware looks to trick victims with fake money transfers

ChatGPT just got easier to find when you’re searching for something