CVE-2022-37423: Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
(updated )
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.
References
- github.com/advisories/GHSA-78f9-745f-278p
- github.com/neo4j-contrib/neo4j-apoc-procedures/commit/d2f415c6f703bbc2cda4a753928821ff15d5c620
- github.com/neo4j-contrib/neo4j-apoc-procedures/commit/fe9f8c77269f5a742585c1d62324eb70755de510
- github.com/neo4j-contrib/neo4j-apoc-procedures/pull/3080
- github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-78f9-745f-278p
Code Behaviors & Features
Detect and mitigate CVE-2022-37423 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →