Description
A directory traversal vulnerability in the APOC plugins in the Neo4j graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Remediation
References
https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m
https://neo4j.com