CVE-2024-27348

CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin

Vendor Apache Software Foundation

Product Apache HugeGraph-Server

Published April 22, 2024

Last update October 21, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

Key dates

Disclosure timeline

April 22, 2024 CVE published

October 21, 2025 Record updated