## https://sploitus.com/exploit?id=SAINT:49C66ED8B7443985AD371E77346FE318
Added: 08/20/2024  


### Background

Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. 

### Problem

A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. 

### Resolution

Upgrade to HugeGraph 1.3.0 or higher with Java 11 and enable the Auth system. 

### References

https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9   


### Platforms

Linux