Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NNeo4j Awesome Procedures On Cypher
APPNeo4J< 4.3.0.74.4.0.0 – 4.4.0.8 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Powiązane podatności
CVE-2021-42767CRITICAL9.1ten sam vendor
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attacker...
CVE-2021-34371CRITICAL9.8ten sam vendor
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...
CVE-2018-1000820CRITICAL10.0ten sam vendor
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnera...
CVE-2018-18389CRITICAL9.8ten sam vendor
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP fo...
CVE-2022-23532HIGH7.1ten sam vendor
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and fu...