# Apache HugeGraph-Server: Command Execution Vulnerability in Gremlin
## Overview
Apache HugeGraph-Server contains a remote command execution (RCE) vulnerability.
## Affected Versions
Apache HugeGraph-Server 1.0.0 through 1.3.0 (excluding 1.3.0) is affected on both Java 8 and Java 11.
## Details
In affected versions, an attacker can execute arbitrary remote commands under specific conditions, placing the system at high risk.
## Impact
Users are advised to upgrade to Apache HugeGraph-Server 1.3.0, run it on Java 11, and enable the authentication system to remediate this issue.
Web vulnerability: Yes
Reasoning:
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Apache HugeGraph Server RCE Scanner (CVE-2024-27348) | https://github.com/Zeyad-Azima/CVE-2024-27348 | POC details |
| 2 | Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit | https://github.com/kljunowsky/CVE-2024-27348 | POC details |
| 3 | None | https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE | POC details |
| 4 | This is a repository for Apache HugeGraph Remote Code Execution vulnerability (CVE-2024-27348) | https://github.com/p0et08/CVE-2024-27348 | POC details |
| 5 | Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-27348.yaml | POC details |
| 6 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/Apache%20HugeGraph%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-27348.md | POC details |
| 7 | | https://github.com/vulhub/vulhub/blob/master/hugegraph/CVE-2024-27348/README.md | POC details |
| 8 | CVE-2024-27348 Exploitation Toolkit: Complete RCE exploit for Apache Huge-Graph-Server vulnerability. | https://github.com/wqfh/MasterOfTheIndestry | POC details |