A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NNeo4j Awesome Procedures
APPNeo4J< 3.5.0.174.2.0.0 – 4.2.10 (bez)4.3.0.0 – 4.3.0.4 (bez)4.4.0.0 – 4.4.0.1 (bez)
Powiązane podatności
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnera...
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP fo...
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and fu...
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to ...