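A directory traversal vulnerability in the APOC plugins in the Neo4j graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1. Each fix applies to its own release line, so an installed version should be compared against the fixed release of the same branch rather than against 4.4.0.1 alone; note that the version ranges below record the 3.5 fix as 3.5.0.17.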
{
"versions": [
{
"introduced": "0"
},
{
"fixed": "3.5.0.17"
},
{
"introduced": "4.3.0.0"
},
{
"fixed": "4.3.0.4"
},
{
"introduced": "4.4.0.0"
},
{
"fixed": "4.4.0.1"
}
]
}[
{
"events": [
{
"introduced": "4.2.0.0"
},
{
"fixed": "4.2.10"
}
]
}
]
[
{
"target": {
"function": "loadCsvForMetric",
"file": "full/src/main/java/apoc/metrics/Metrics.java"
},
"id": "CVE-2021-42767-1dfd6a10",
"digest": {
"function_hash": "207802441921537204896901189403421172352",
"length": 891.0
},
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/52a0958220ed2998225bce4548636a037ed9d16a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "shouldListMetrics",
"file": "full/src/test/java/apoc/metrics/MetricsTest.java"
},
"id": "CVE-2021-42767-6b23d2f3",
"digest": {
"function_hash": "148235860615581967438097351628586614164",
"length": 158.0
},
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/52a0958220ed2998225bce4548636a037ed9d16a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "beforeAll",
"file": "full/src/test/java/apoc/metrics/MetricsTest.java"
},
"id": "CVE-2021-42767-7a4dff55",
"digest": {
"function_hash": "182662720706030460458167050211698383750",
"length": 776.0
},
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/52a0958220ed2998225bce4548636a037ed9d16a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"function": "createURLStreamHandler",
"file": "core/src/main/java/apoc/util/ApocUrlStreamHandlerFactory.java"
},
"id": "CVE-2021-42767-81b2b801",
"digest": {
"function_hash": "281692202849863382705659314443838687303",
"length": 103.0
},
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/52a0958220ed2998225bce4548636a037ed9d16a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "core/src/main/java/apoc/util/ApocUrlStreamHandlerFactory.java"
},
"id": "CVE-2021-42767-8598f591",
"digest": {
"line_hashes": [
"118724760598893317982475357391888250702",
"42787929835364742382331780057433172078",
"16470593785582350785397032901801234475"
],
"threshold": 0.9
},
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/52a0958220ed2998225bce4548636a037ed9d16a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "full/src/main/java/apoc/metrics/Metrics.java"
},
"id": "CVE-2021-42767-9882e414",
"digest": {
"line_hashes": [
"95193999362841661895289845896028243311",
"261693692348930040984612887687535111589",
"245119315153008729244130802157176054276",
"312228315934111725499004949396862767107"
],
"threshold": 0.9
},
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/52a0958220ed2998225bce4548636a037ed9d16a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "full/src/test/java/apoc/metrics/MetricsTest.java"
},
"id": "CVE-2021-42767-cddbee72",
"digest": {
"line_hashes": [
"326407374985357365592746360777064624085",
"197118873685740969565063317695628189996",
"112294612097618583592768992805148845109",
"164547746798137424238900755296927338998",
"126078213229550900351017173744347645068",
"135150134212647040508387277717315844543",
"332306860352394965052039383555502549879",
"162764096537427463671519790558088939497",
"221997739649930657196741760142003088791",
"55687417267536926984773132019460202768",
"289327744451055700867636982514277268897",
"151103724863842922547844729830969069402",
"115645540087760266184531019474230504491",
"168158000555892453138181644095029972025",
"169871252963711939556104895977598583812",
"76255239339210194307863618699059398263",
"50821939529835205129435492129792887666",
"114034237037236198280404289766811056715",
"125866287381025221960492068262448416556",
"298411769115905202885627970124493109980",
"254213154127773681350157233177394834828",
"184424694594279896009214389812614281830",
"46707607899408460326253782815611406143",
"317896526428701706407315656040695414705",
"250640465049932201846732307601903714749"
],
"threshold": 0.9
},
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/52a0958220ed2998225bce4548636a037ed9d16a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42767.json"