Authentication Bypass by Spoofing Affecting org.apache.hugegraph:hugegraph-api package, versions [,1.3.0)
Snyk CVSS
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEHUGEGRAPH-6672141
- published 23 Apr 2024
- disclosed 22 Apr 2024
- credit 6right
Introduced: 22 Apr 2024
New CVE-2024-27349 Open this link in a new tabHow to fix?
Upgrade org.apache.hugegraph:hugegraph-api
to version 1.3.0 or higher.
Overview
Affected versions of this package are vulnerable to Authentication Bypass by Spoofing due to improper validation of user-supplied input in the authentication mechanism. An attacker can bypass authentication controls by spoofing a legitimate user's credentials. This vulnerability is particularly concerning because it allows unauthorized access to the system, potentially leading to further exploitation such as data theft, system manipulation, or the deployment of malicious software.
Note:
Enabling the "Whitelist-IP/port" function improves the security of RESTful-API execution.