Description
A directory traversal vulnerability in the APOC plugins for the Neo4j graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Remediation
References
https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m
https://neo4j.com