
Apache HugeGraph users told to patch immediately to stay safe from this dangerous bug

Months after being patched, a vulnerability in the Apache HugeGraph-Server is being exploited to trigger remote code execution (RCE) on vulnerable endpoints

Nonprofit security organization the Shadowserver Foundation sounded the alarm on Mastodon. “We are observing Apache HugeGraph-Server CVE-2024-27348 RCE ‘POST /gremlin’ exploitation attempts from multiple sources,” the warning reads. “PoC code is public since early June. If you run HugeGraph, make sure to update.”

The vulnerability Shadowserver is referring to is described as a remote command execution flaw in the Gremlin graph traversal language API. It carries a severity score of 9.8 and affects all versions of the software prior to 1.3.0.
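As an added illustration, not part of the original article, the following Python snippet shows two defender-side checks that follow from the facts above: comparing a reported HugeGraph version against the 1.3.0 fix threshold, and flagging POST /gremlin requests from sources outside an IP allowlist, which mirrors the whitelist mitigation the project recommended. The access-log lines and the 10.0.0.0/8 allowlist are constructed sample data.

```python
import re
from ipaddress import ip_address, ip_network

# Per the advisory: every HugeGraph-Server release before 1.3.0 is affected.
FIXED_VERSION = (1, 3, 0)

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Jul/2024:10:01:02 +0000] "GET /graphs HTTP/1.1" 200 88
203.0.113.9 - - [15/Jul/2024:10:01:07 +0000] "POST /gremlin HTTP/1.1" 200 512
10.0.0.7 - - [15/Jul/2024:10:01:09 +0000] "POST /gremlin HTTP/1.1" 200 431
198.51.100.4 - - [15/Jul/2024:10:01:15 +0000] "POST /gremlin HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_version(text):
    """Turn '1.2.0' or 'v1.3.0' into a comparable 3-tuple, padding with zeros."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def is_vulnerable(version):
    """True when the reported version predates the 1.3.0 fix."""
    return parse_version(version) < FIXED_VERSION


def flag_gremlin_posts(log_text, allowlist):
    """Return (source_ip, status) for POST /gremlin requests whose source is
    outside the allowlist. Rejected attempts (e.g. 401) are still reported,
    since they show someone probing the endpoint."""
    nets = [ip_network(n) for n in allowlist]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/gremlin":
            continue
        src = ip_address(m["ip"])
        if not any(src in net for net in nets):
            hits.append((m["ip"], int(m["status"])))
    return hits
```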

Version 1.3.0, which addresses the issue, was released in April 2024. Back then, the Apache Software Foundation urged its users to apply the patch and enable the Auth system. “Also you could enable the 'Whitelist-IP/port' function to improve the security of RESTful-API execution,” it said at the time.

What is Apache HugeGraph?

Apache HugeGraph is an open source graph database system, supporting the storage and querying of billions of vertices and edges. Implemented with the Apache TinkerPop3 framework, it is fully compatible with the Gremlin query language, allowing for complex graph queries and analyses.

HugeGraph is suitable for various applications such as deep relationship exploration, association analysis, path search, feature extraction, data clustering, community detection, and knowledge graphs. It is used in fields like network security, telecommunications fraud detection, financial risk control, advertising recommendations, social networks, and intelligent robots.

HugeGraph-Server, on the other hand, is the core component of the Apache HugeGraph project, responsible for the storage, querying, and management of graph data. It is designed to manage and process large-scale graph data efficiently, supports several backend storage engines, and exposes the REST and Gremlin APIs used to interact with that data.

Via TheHackerNews

https://www.techradar.com/pro/security/apache-hugegraph-users-told-to-patch-immediately-to-stay-safe-from-this-dangerous-bug
