Apache Hugegraph Under Attack

Vulnerabilities in Apache projects have been targeted by attackers for years. In the past, threat actors have breached flaws in Log4j, ActiveMQ, and RocketMQ successfully for financial gain.

However, a recent vulnerability in the Apache HugeGraph-Server could lead to a large volume of remote code execution attacks, and even total account takeover, if left unchecked.

The vulnerability in question stems from a remote code execution flaw in the Gremlin graph transversal language API. According to information posted at The Hacker News, the vulnerability affects all versions of the software before 1.3.0, so users are encouraged to upgrade their versions with Java11 and enable the Auth system to bolster their security against this newfound risk.

Researchers from SecureLayer7 disclosed further details about the vulnerability, revealing that it could allow an attacker to bypass sandbox restrictions and completely take control of a server. 

And this week, the Shadowserver Foundation spotted exploitation attempts in the cyber wild that leveraged the vulnerability, highlighting the urgency for users to upgrade their software before they themselves fall victim to these kinds of attacks. They released a statement on X about this.

We are observing Apache HugeGraph-Server CVE-2024-27348 RCE "POST /gremlin" exploitation attempts from multiple sources. PoC code is public since early June. If you run HugeGraph, make sure to update.

Overall, these vulnerabilities have the potential to affect millions of Apache users and their personally identifiable information. 

Remote code execution is a particularly pernicious type of vulnerability as it allows hackers and bad actors to completely take over a function and use it for malicious purposes. And as API use continues to rise, the complexity and volume of attacks is only rising with it. 

Protect your APIs with FireTail today. To learn how, schedule a free, 30-minute demo here.