Threat actors are actively exploiting a recently disclosed critical security flaw in Apache HugeGraph-Server, potentially leading to remote code execution attacks.
The vulnerability, tracked as CVE-2024-27348, is an OS command injection issue within the Gremlin graph traversal language API that can be exploited via malicious request. The flaw affects all versions of Apache HugeGraph-Server prior to 1.3.0.
The developers of Apache HugeGraph-Server have released version 1.3.0, which addresses the critical security issue. Users are strongly recommended to upgrade to the fixed version as soon as possible. Additionally, users are advised to enable the Auth system and use Java11 to ensure protection against the exploit.
The Shadowserver Foundation, a nonprofit security organization, has reported observing in-the-wild exploitation attempts leveraging this vulnerability.
“We are observing Apache HugeGraph-Server CVE-2024-27348 RCE "POST /gremlin" exploitation attempts from multiple sources. PoC code is public since early June. If you run HugeGraph, make sure to update,” the organization wrote in a post on X.
In a separate post the Shadowserver Foundation warned of the in-the-wild exploitation of a critical vulnerability in the open source server for sharing geospatial data GeoServer (CVE-2024-36401). The flaw is a code injection vulnerability that allows a remote attacker to execute arbitrary code on the target system. The US Cybersecurity and Infrastructure Security Agency has added this issue to its Known Exploited Vulnerability Catalog.
Last week, CISA and the FBI issued a joint security alert urging software companies to review and eliminate OS command injection vulnerabilities in their products before shipping.