CRITICAL🇬🇧 English

CVE-2021-42767

CVSS 9.1v3.1pub. 2022-03-01upd. 2024-11-21

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Neo4j Awesome Procedures

    APP
    Neo4J
    < 3.5.0.174.2.0.0 – 4.2.10 (bez)4.3.0.0 – 4.3.0.4 (bez)4.4.0.0 – 4.4.0.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2021-34371CRITICAL9.8ten sam vendor

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...

CVE-2018-1000820CRITICAL10.0ten sam vendor

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnera...

CVE-2018-18389CRITICAL9.8ten sam vendor

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP fo...

CVE-2022-23532HIGH7.1ten sam vendor

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and fu...

CVE-2022-37423HIGH7.5ten sam vendor

Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to ...