Description
A directory traversal vulnerability in the APOC plugins for the Neo4j graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Remediation
References
https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m
https://neo4j.com