Скачать или смотреть CVE-2024-45507: Apache HugeGraph Unauthenticated RCE Exploit

Overview

This video features a Proof of Concept (PoC) for CVE-2024-45507, a critical Remote Code Execution (RCE) vulnerability in Apache HugeGraph-Server (versions before 1.5.0). This flaw allows unauthenticated attackers to bypass security restrictions and execute arbitrary system commands via the Gremlin graph traversal language.

Technical Breakdown

CVE-2024-45507 is caused by an inadequate sandbox filter in the Gremlin engine. Although HugeGraph attempts to restrict access to dangerous Java classes, attackers can use reflection and specific Gremlin scripts to bypass these filters. By sending a crafted POST request to the /gremlin endpoint, an unauthenticated user can trigger the execution of malicious code on the host server.

⚠️ Disclaimer:

This content is provided strictly for educational purposes and authorized security research.


🔗 Links & Resources:

https://thehackernews.com/2024/09/apa...

https://nvd.nist.gov/vuln/detail/CVE-...

https://github.com/vulhub/vulhub/tree...


👍 Like • 💬 Comment • 🔁 Share

.
.
.
.
.
.
.
.
.
.

Tags:

#CVE202445507 #HugeGraph #Apache #RCE #CyberSecurity #InfoSec #RemoteCodeExecution #EthicalHacking #BugBounty #ZeroDay #VulnerabilityResearch #GraphDatabase #JavaSecurity #RedTeam #ExploitPoC