com.arcadedb:arcadedb-bolt (>=26.2.1 <=26.3.2), com.arcadedb:arcadedb-coverage (>=21.9.1 <=25.4.1) +10 more potentially affected by CVE-2026-44221 via com.arcadedb:arcadedb-server (>=21.10.1 <=26.3.2)

com.arcadedb:arcadedb-server MAVEN version =21.10.1, =26.2.1, =21.9.1, =21.12.1, =24.11.1, =25.9.1, =25.1.1, =21.9.1, =21.9.1, =21.9.1, =21.9.1, =25.11.1, =26.3.2 - io.github.mdre:adbogm =0.9.0.6 Source cves: CVE-2026-44221 Source advisory: OSV:GHSA-FXC7-FM93-6Q77...

Apache Atlas has a Code Injection Vulnerability

Description: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...

Arbitrary Code Injection

Overview org.apache.atlas:atlas-repository is an Apache Atlas Repository Module Affected versions of this package are vulnerable to Arbitrary Code Injection in the DSL search endpoint. An attacker can execute arbitrary code by placing malicious Gremlin traversal logic within grammar-allowed...

PT-2026-36788

Name of the Vulnerable Software and Affected Versions Apache Atlas versions 0.8 through 2.4.0 Description An improper control of code generation issue exists in the DSL search endpoint, which accepts user-supplied query strings. An attacker can alter Gremlin traversal logic using grammar-allowed...

Apache Atlas 代码注入漏洞

Apache Atlas is a scalable and extensible core feature governance service developed by the Apache Foundation in the United States. Version 0.8 to 2.4.0 of Apache Atlas contains a code injection vulnerability. This vulnerability stems from the DSL search endpoint accepting query strings provided b...

Apache HugeGraph Gremlin command injection

Added: 08/20/2024 Background Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. Problem A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. Resolution Upgrade to...

Apache HugeGraph Gremlin command injection

Added: 08/20/2024 Background Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. Problem A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. Resolution Upgrade to...

Apache HugeGraph Gremlin Remote Code Execution Exploit

This Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server...

Apache HugeGraph Gremlin Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache HugeGraph Gremlin RCE', 'Description' = %q This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that...

Apache HugeGraph Gremlin RCE

This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server Module Options msf...

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 CVSS score: 9.8, the vulnerability impacts all versions of the software before 1.3.0. It has been describ...

Exploit for Improper Access Control in Apache Hugegraph

Remote Code Execution vulnerability in Apache HugeGraph Server...

XML External Entity (XXE)

tinkerpop is vulnerable to XML external entity attacks. The gremlin-core package does not disable the XML input stream potentially allowing attackers to submit malicious XML to the XML parser and gain access to sensitive information...