From: Imba Jin
To: oss-security@lists.openwall.com
Message-ID: <218c768c-8ee5-7196-4263-9fc356158d99@apache.org>
Date: Mon, 22 Apr 2024 07:13:19 +0000
Subject: [oss-security] CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page

Severity: moderate

Affected versions:

- Apache HugeGraph-Hubble 1.0.0 before 1.3.0

Description:

Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble. This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0.

Users are recommended to upgrade to version 1.3.0, which fixes the issue.

Credit:

6right of moresec (reporter)

References:

https://hugegraph.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-27347