Duplicate
This advisory duplicates another.
Advisories for Maven/Org.neo4j.procedure/Apoc package
2023
Improper Restriction of XML External Entity Reference
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC plugin prior to version 4.4.0.14 in Neo4j graph database. XML External Entity (XXE) injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was not configured in a secure way and therefore allowed this. External entities …
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export.* procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the vulnerability to be exploited, an attacker would …
2022
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Duplicate
This advisory duplicates another.
2018
Improper Restriction of XML External Entity Reference
neo4j-apoc-procedures contains an XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.