| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Apache Software Foundation | Apache HugeGraph-Server | 1.0.0 ~ 1.3.0 | - |

| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Apache HugeGraph Server RCE Scanner ( CVE-2024-27348 ) | https://github.com/Zeyad-Azima/CVE-2024-27348 | POC Details |
| 2 | Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit | https://github.com/kljunowsky/CVE-2024-27348 | POC Details |
| 3 | None | https://github.com/jakabakos/CVE-2024-27348-Apache-HugeGraph-RCE | POC Details |
| 4 | This is a repository for Apache HugeGraph Remote Code Execution vulnerability (CVE-2024-27348) | https://github.com/p0et08/CVE-2024-27348 | POC Details |
| 5 | Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-27348.yaml | POC Details |
| 6 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%BC%8F%E6%B4%9E/Apache%20HugeGraph%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-27348.md | POC Details |
| 7 | | https://github.com/vulhub/vulhub/blob/master/hugegraph/CVE-2024-27348/README.md | POC Details |
| 8 | CVE-2024-27348 Exploitation Toolkit: Complete RCE exploit for Apache Huge-Graph-Server vulnerability. | https://github.com/wqfh/MasterOfTheIndestry | POC Details |
| 9 | CVE-2024-27348 Exploitation Toolkit: Complete RCE exploit for Apache Huge-Graph-Server vulnerability. | https://github.com/wqfh/CVE-2024-27348 | POC Details |

| CVE ID | Title |
|---|---|
| CVE-2024-27349 | Apache HugeGraph-Server: Bypass whitelist in Auth mode |
| CVE-2024-27347 | Apache HugeGraph-Hubble: SSRF in Hubble connection page |