oss-sec mailing list archives

CVE-2024-43441: Apache HugeGraph-Server: Fixed JWT Token(Secret)


From: Imba Jin <jin () apache org>
Date: Tue, 24 Dec 2024 18:41:57 +0800

Severity: important

Affected versions:

- Apache HugeGraph-Server 1.0 ~ 1.3 (before 1.5.0)

Description:

Authentication Bypass by Assumed-Immutable Data vulnerability in
Apache HugeGraph-Server.

Users are recommended to upgrade to version 1.5.0, which fixes the issue.

Credit:

L0ne1y (reporter)

References:
- https://hugegraph.apache.org/docs/guides/security/
- https://lists.apache.org/thread/ykzx1076f4mjv0vf19lkz4bgnlb6qx8f
- https://www.cve.org/CVERecord?id=CVE-2024-43441


Apache HugeGraph PPMC

