Apache · Apache Hugegraph-Server · CVE-2024-27348
Name of the Vulnerable Software and Affected Versions:
Apache HugeGraph-Server versions 1.0.0 and later, before 1.3.0 (1.3.0 is the first fixed release)
Description:
The Gremlin API of Apache HugeGraph-Server evaluates user-supplied Groovy scripts inside a sandbox. In the affected releases the sandbox restrictions can be bypassed, so an attacker who can reach the Gremlin endpoint on a deployment without authentication enabled (the default) can execute arbitrary code on the server and take it over, with no credentials required. The flaw is present in HugeGraph-Server 1.0.0 and later versions before 1.3.0. The fix is to upgrade to version 1.3.0 running on Java 11 and to enable the Auth system. The vulnerability is being actively exploited in the wild, so exposed instances should be treated as at immediate risk.
Recommendations:
Upgrade to version 1.3.0 (or later) running on Java 11 and enable the Auth system; the fix is the combination of the two, so upgrading while leaving authentication off still leaves the Gremlin API open to anyone who can reach it.
If the upgrade cannot be deployed immediately, disable Groovy script evaluation through the Gremlin API as a temporary workaround until the server is patched.
Restrict network access to the `/gremlin` endpoint (firewall, reverse-proxy rule, or network ACL) to trusted hosts only; it must not be reachable from untrusted networks.
Do not pass untrusted or user-controlled Groovy script text to the Gremlin endpoint until the server is upgraded and authentication is enforced.