Description
A directory traversal vulnerability in the APOC plugins for the Neo4j graph database before 4.4.0.1 allows attackers to read local files and, in some cases, create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Remediation
References
https://neo4j.com
https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m