POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw

If you haven't yet upgraded to version 1.3.0 of Apache HugeGraph, now's a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in the open-source graph database have been made public. Apache HugeGraph lets developers build applications based on graph databases and is …

  1. Tom Chiverton 1 Silver badge

    Who'd have thought allowing randoms to post generic Java to your API for execution would be a problem?

    1. CowHorseFrog Silver badge

      That's not the problem. The problem is allowing ANY Java code to be executed. They took the lazy option and skipped any attempt to blacklist Java APIs.
