CVE-2021-42767

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-42767

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42767.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-42767

Aliases

GHSA-4mpj-488r-vh6m

Published

2022-03-01T02:15:07Z

Modified

2024-05-30T03:17:00.425039Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.

References

Affected packages

Git / github.com/neo4j-contrib/neo4j-apoc-procedures

Affected ranges

Type: GIT
Repo: https://github.com/neo4j-contrib/neo4j-apoc-procedures
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

88902b4b31f258dc9a7371dd7287b13e48c5d46a

Affected versions

1.*

1.0.0

1.0.0-RC1

1.1.0

3.*

3.0.4.1

3.1.0.1

3.1.0.2

3.1.0.3

3.1.0.4

3.1.2.5

3.1.3.6

3.2.0.3

3.2.0.4

3.3.0.1

3.3.0.2

3.4.0.1

3.4.0.2

3.4.0.3

3.5.0.0

3.5.0.1

3.5.0.11

3.5.0.12

3.5.0.13

3.5.0.14

3.5.0.15

3.5.0.15-fix

3.5.0.16

3.5.0.2

3.5.0.3

3.5.0.4

3.5.0.5

3.5.0.6

3.5.0.7

3.5.0.8

3.5.0.9