CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.6%
org.apache.hugegraph:hugegraph-api and org.apache.hugegraph:hugegraph-core are vulnerable to Remote Code Execution.The vulnerability is due to improper input validation, allowing attackers to execute arbitrary commands remotely. This vulnerability is observed in Java8 and Java11.
www.openwall.com/lists/oss-security/2024/04/22/3
github.com/advisories/GHSA-29rc-vq7f-x335
github.com/apache/incubator-hugegraph/commit/713d88d1fd9953c3c3e3f130389501910ba40e1d
hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9