<p>Upgrade <code>org.apache.hugegraph:hugegraph-api</code> to version 1.3.0 or higher.</p>

Authentication Bypass by Spoofing Affecting org.apache.hugegraph:hugegraph-api package, versions [,1.3.0)

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS 0.04% (9^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGAPACHEHUGEGRAPH-6672141
published 23 Apr 2024
disclosed 22 Apr 2024
credit 6right

Report a new vulnerability Found a mistake?

Introduced: 22 Apr 2024

New CVE-2024-27349 Open this link in a new tab CWE-290 Open this link in a new tab

How to fix?

Upgrade org.apache.hugegraph:hugegraph-api to version 1.3.0 or higher.

Overview

Affected versions of this package are vulnerable to Authentication Bypass by Spoofing due to improper validation of user-supplied input in the authentication mechanism. An attacker can bypass authentication controls by spoofing a legitimate user's credentials. This vulnerability is particularly concerning because it allows unauthorized access to the system, potentially leading to further exploitation such as data theft, system manipulation, or the deployment of malicious software.

Note:

Enabling the "Whitelist-IP/port" function improves the security of RESTful-API execution.