Description

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.

Remediation

References

https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m

https://neo4j.com

Related Vulnerabilities

CVE-2018-19837 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2019-17531 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2020-35491 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2023-37955 Vulnerability in maven package org.jenkins-ci.plugins:test-results-aggregator

CVE-2020-15366 Vulnerability in maven package org.webjars.bowergithub.epoberezkin:ajv

Severity

Critical

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Third Party Advisory Product Vendor Advisory