From 27815fdf0cd2389e03570b51960de906ce00c3c6 Mon Sep 17 00:00:00 2001 From: VGalaxies Date: Fri, 12 Dec 2025 14:04:23 +0800 Subject: [PATCH 1/2] Update security.md with new CVE listings Added new CVE entries for HugeGraph vulnerabilities. --- content/cn/docs/guides/security.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/cn/docs/guides/security.md b/content/cn/docs/guides/security.md index a1bdf20c5..9a0a77dc9 100644 --- a/content/cn/docs/guides/security.md +++ b/content/cn/docs/guides/security.md @@ -29,6 +29,8 @@ weight: 7 - [CVE-2024-27348](https://www.cve.org/CVERecord?id=CVE-2024-27348): HugeGraph-Server - Command execution in gremlin - [CVE-2024-27349](https://www.cve.org/CVERecord?id=CVE-2024-27349): HugeGraph-Server - Bypass whitelist in Auth mode +- [CVE-2024-43441](https://www.cve.org/CVERecord?id=CVE-2024-43441): HugeGraph-Server - Fixed JWT Token (Secret) +- [CVE-2025-26866](https://www.cve.org/CVERecord?id=CVE-2025-26866): HugeGraph-Server - RAFT and deserialization vulnerability ### [HugeGraph-Toolchain](https://github.com/apache/hugegraph-toolchain) 仓库 (Hubble/Loader/Client/Tools/..) From 593b146e98433e91a55beba1a769196379829e66 Mon Sep 17 00:00:00 2001 From: VGalaxies Date: Fri, 12 Dec 2025 14:08:02 +0800 Subject: [PATCH 2/2] Update security.md with new CVE entries Added new CVE entries for HugeGraph vulnerabilities. --- content/en/docs/guides/security.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/en/docs/guides/security.md b/content/en/docs/guides/security.md index 5fde71379..4ce211020 100644 --- a/content/en/docs/guides/security.md +++ b/content/en/docs/guides/security.md 
@@ -29,6 +29,8 @@ The general process for handling security vulnerabilities is as follows: - [CVE-2024-27348](https://www.cve.org/CVERecord?id=CVE-2024-27348): HugeGraph-Server - Command execution in gremlin - [CVE-2024-27349](https://www.cve.org/CVERecord?id=CVE-2024-27349): HugeGraph-Server - Bypass whitelist in Auth mode +- [CVE-2024-43441](https://www.cve.org/CVERecord?id=CVE-2024-43441): HugeGraph-Server - Fixed JWT Token (Secret) +- [CVE-2025-26866](https://www.cve.org/CVERecord?id=CVE-2025-26866): HugeGraph-Server - RAFT and deserialization vulnerability ### HugeGraph-Toolchain project (Hubble/Loader/Client/Tools/..)
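Review bot: In the `content/cn/docs/guides/security.md` hunk (PATCH 1/2), the added CVE-2024-43441 line reads "Fixed JWT Token (Secret)", and "Fixed" can be read as "patched" rather than "static", which inverts the meaning for someone scanning the list. If the issue is a JWT secret that does not change between deployments, say so directly, for example "Static (hard-coded) JWT secret", which matches the "what goes wrong, where" shape of the two context lines above it. The same wording is added in the en hunk of PATCH 2/2, so change both together.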
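Review bot: In the `content/en/docs/guides/security.md` hunk (PATCH 2/2), the added CVE-2025-26866 line "RAFT and deserialization vulnerability" names a component and a bug class but not the impact or the precondition, unlike the context lines "Command execution in gremlin" and "Bypass whitelist in Auth mode". Reword it along the lines of the CVE record's own title, and consider appending the first fixed release to each new entry so an operator can tell from this page whether an upgrade is needed. PATCH 1/2 adds identical lines to the cn page, so the two commits could be squashed to keep the two language versions from drifting apart.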