Apache HugeGraph Vulnerability Exploited in Wild

17-July-24

Threat actors are attempting to exploit CVE-2024-27348, a recently patched remote command execution vulnerability in Apache HugeGraph. The flaw was patched in version 1.3.0 and disclosed in April. The Shadowserver Foundation reported increased exploitation attempts starting June 6, with attacks from eight IP addresses. SecureLayer7 released proof-of-concept exploit code and technical details in early June; its write-up highlights the flaw's critical severity and the potential for attackers to bypass sandbox restrictions and gain full control of targeted servers.
