Description
A directory traversal vulnerability in the APOC plugins for the Neo4j graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Remediation
References
https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m
https://neo4j.com