From 024af65c2a1366c163ce32ae34231adb28b92197 Mon Sep 17 00:00:00 2001
From: Metasploit <metasploit@rapid7.com>
Date: Wed, 14 Aug 2024 04:30:49 -0500
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 60 +++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index dda125361413..2e0f289a0c39 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -67943,6 +67943,66 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/apache_hugegraph_gremlin_rce": {
+    "name": "Apache HugeGraph Gremlin RCE",
+    "fullname": "exploit/linux/http/apache_hugegraph_gremlin_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-04-22",
+    "type": "exploit",
+    "author": [
+      "6right",
+      "jheysel-r7"
+    ],
+    "description": "This module exploits CVE-2024-27348 which is a Remote Code Execution (RCE) vulnerability that exists in\n          Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve\n          RCE through Gremlin, resulting in complete control over the server",
+    "references": [
+      "URL-https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/",
+      "CVE-2024-27348"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd",
+    "rport": 8080,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic Target"
+    ],
+    "mod_time": "2024-08-13 08:48:33 +0000",
+    "path": "/modules/exploits/linux/http/apache_hugegraph_gremlin_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/apache_hugegraph_gremlin_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/apache_nifi_h2_rce": {
     "name": "Apache NiFi H2 Connection String Remote Code Execution",
     "fullname": "exploit/linux/http/apache_nifi_h2_rce",