FlagThis

Apache has released security updates to address multiple critical vulnerabilities, including a SQL Injection flaw, affecting MINA, HugeGraph-Server, and Traffic Control products. These vulnerabilities, if exploited, could allow attackers to compromise systems, highlighting the importance of immediate patching. Organizations using these Apache products should prioritize updating them to the latest versions to mitigate the risk of exploitation.

Multiple critical vulnerabilities have been discovered in Apache software products, including Apache HugeGraph-Server (CVE-2024-43441), Apache Traffic Control (CVE-2024-45387), and Apache MINA (CVE-2024-52046). CVE-2024-43441 allows authentication bypass in HugeGraph-Server, potentially leading to unauthorized access. CVE-2024-45387 in Traffic Control enables SQL injection attacks. CVE-2024-52046 in MINA allows remote code execution via deserialization flaws. Users are urged to apply security patches immediately, with MINA requiring additional configuration to restrict class deserialization.