A java unsafe reflection vulnerability present in Gremlin scripting feature of Apache HugeGraph allows remote attackers to execute system commands in the context of the affected application. This module exploits the vulnerability by sending scripts to the vulnerable endpoint (/gremlin) that bypasses the checks made by the callFromWorkerWithClass function. The bypass consist in changing the current thread name to something else than doesn't contain "gremlin-server-exec" nor "task-worker".
CVE Link
Exploit Platform
Exploit Type
Product Name