Apache HugeGraph-Server instances vulnerable to the critical remote command execution flaw tracked as CVE-2024-27348 have been targeted by threat actors in attacks originating from various sources since a proof-of-concept exploit emerged last month, the Shadowserver Foundation discovered, The Hacker News reports.
The security issue, an RCE in the Gremlin graph traversal language API that the Apache Software Foundation addressed in April, could enable evasion of sandbox restrictions and eventual server takeover if exploited, according to a report from SecureLayer7 last month. Apache previously urged organizations running affected HugeGraph-Server instances to apply the version 1.3.0 update with Java 11 and to activate the Auth system. "Also you could enable the 'Whitelist-IP/port' function to improve the security of RESTful-API execution," said Apache. The development follows various attacks exploiting vulnerabilities in Apache Log4j, RocketMQ, and ActiveMQ.