CRITICAL🇵🇱 Wersja polska

CVE-2018-1000820

CVSS 10.0v3.0pub. 2018-12-20upd. 2024-11-21

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Neo4j Awesome Procedures On Cyper

    APP
    Neo4J
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRFDoSXXE
CWE
References

Related vulnerabilities

CVE-2022-23532HIGH7.1ten sam produkt

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and fu...

CVE-2023-23926MEDIUM5.9ten sam produkt

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability...

CVE-2021-42767CRITICAL9.1ten sam vendor

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attacker...

CVE-2021-34371CRITICAL9.8ten sam vendor

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...

CVE-2018-18389CRITICAL9.8ten sam vendor

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP fo...