CVE-2022-37423
- Source
- https://cve.org/CVERecord?id=CVE-2022-37423
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37423.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-37423
- Aliases
- Related
- Published
- 2022-08-12T15:15:16.177Z
- Modified
- 2026-03-13T22:14:16.559470Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.
- References
Affected packages
Git / github.com/neo4j-contrib/neo4j-apoc-procedures
Affected ranges
- Type
- GIT
- Repo
- https://github.com/neo4j-contrib/neo4j-apoc-procedures
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "4.3.0.7" }, { "introduced": "4.4.0.0" }, { "fixed": "4.4.0.8" } ] }
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-0168af77",
"target": {
"file": "core/src/main/java/apoc/export/cypher/FileManagerFactory.java",
"function": "PhysicalExportFileManager"
},
"digest": {
"length": 215.0,
"function_hash": "140340784420870783771410653815727773399"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-0207a362",
"target": {
"file": "core/src/main/java/apoc/export/cypher/FileManagerFactory.java",
"function": "createFileManager"
},
"digest": {
"length": 439.0,
"function_hash": "275803890352259959431911236407825224377"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-0c611673",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvNeo4jAdminTest.java",
"function": "testCypherExportCsvForAdminNeo4jImportWithConfigWithCompression"
},
"digest": {
"length": 91.0,
"function_hash": "56318862693816286459021101813681163534"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2022-37423-33c98da9",
"target": {
"file": "core/src/main/java/apoc/log/Neo4jLogStream.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"176420830107276987779317781987932705188",
"78859082374491867490390706653130511142",
"239926614808937637975053146878462241440",
"256493263415615386114010853425465358815",
"265515131739961538040179784991520068298"
]
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/fe9f8c77269f5a742585c1d62324eb70755de510"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-41cce246",
"target": {
"file": "core/src/main/java/apoc/export/cypher/FileManagerFactory.java",
"function": "normalizeFileName"
},
"digest": {
"length": 161.0,
"function_hash": "228592852490483454942401951860703538586"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-50d27dc6",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvNeo4jAdminTest.java",
"function": "testExportGraphNeo4jAdminCsv"
},
"digest": {
"length": 1597.0,
"function_hash": "310624250377540925930015161094278746335"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-61b989f1",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvNeo4jAdminTest.java",
"function": "assertFileEquals"
},
"digest": {
"length": 385.0,
"function_hash": "88858020537567629550178167467514099625"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-61de9353",
"target": {
"file": "core/src/main/java/apoc/log/Neo4jLogStream.java",
"function": "stream"
},
"digest": {
"length": 1462.0,
"function_hash": "220170889233233545029595684313256038608"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/fe9f8c77269f5a742585c1d62324eb70755de510"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2022-37423-655b3f42",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvTest.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"218507375956939466185299318117392165247",
"99301843008439632478358998155497075102",
"298006108191434600202746527873476073293",
"147155165849045590791651637203096440386"
]
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2022-37423-6a6017bf",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvNeo4jAdminTest.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"334789096717745101583887092605696299128",
"103109603379840020840701581579632634534",
"167406866393402945208028922288599416082",
"218338835875209375875589979972773704525",
"327918260441107734353706667968888717319",
"67575176623690425660354344460452020294",
"126124724329177935767546522178575657804",
"88079069888690820544367081454984852140",
"317414860571027848672324735884032849516",
"306194644555281713118435259544613501386",
"209893504304952454069025451048971248545",
"226373114321171868362038062064018223787",
"289391480498608482778686999499182937112",
"250197301361700371333213490782032674806",
"150871069390690477756638185054415348641",
"28835494797972235301764280446693863582",
"183853194855693199334730524886415409231",
"195122655207604478885044611061179669036",
"202070418158110212976572668242540861005",
"155452959587200592637560919972231782854",
"320233283357308644284520547836713805075",
"122586238059317242480827480376689584558",
"86552012493512536983790447001609133783",
"106324813210770267055224934525489936665",
"198699034189892797656394912653969640727",
"97806821065630288266233315499241569939",
"6835163205634337036717382271546763169",
"66628945702478078346845842854366206609",
"63130374115157393111349602951054112771",
"216347678109123689984754496954354151780",
"226264494603851805651384620826979933858",
"126577008328338380637410226057240984557",
"155304642957920673024819374520918892704",
"220633489755008624846224146678663593241",
"146147981370901601839800094987030202521",
"197532862047052700549697463618253030743",
"101607546770260421605135310793873829183",
"134737706696340591702075193249094958041",
"152476137742183160201752422316771986402",
"125602787588664913582605240351763946609",
"203349067536990684341651787712236903503",
"218788051869745575748003740002300584133",
"27029493316059966714448588319586646306",
"188124582858743601713508042722370013987",
"246378572591078047039081272946301883335",
"303526224592898645196240976287078241238",
"131747762742436253950518284286485350659",
"104907423627022564770486110455732371265",
"63245368780245855708976476867607788171",
"78591347844925838549978122262681084856",
"244770188643312837779196873296160023950",
"248166472467632356925400805035356513081",
"106766917922714279198531360748687362060",
"101505742205338304478884523446917669886",
"331572901618259139805767289308360527686",
"212427013730818651954590838518936109955",
"97216731216206277016920214528068611921",
"70964827770203024577101267091010303329",
"112917633921038748221596145970950191514",
"119189956869152746866505122359985925340",
"103970744193630030761227637083642173779",
"44087104083082761167430885974236404976",
"263478171302757039472098236309481523765",
"286782754825181218904247016931719214894",
"148355172208225030995557993906716273024",
"174664080225414816207545916603165428835",
"34046332476024838860071416156953504435",
"320808952058816864253363455552973115000",
"339387265854314329929608990031710546899",
"149676552037875426561049386592899634169"
]
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-7ac6709b",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvTest.java",
"function": "testExportAllCsv"
},
"digest": {
"length": 249.0,
"function_hash": "293489031720723327281841860617964676330"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-7cd9c895",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvNeo4jAdminTest.java",
"function": "convertCSVString"
},
"digest": {
"length": 68.0,
"function_hash": "238051587273948288363741071389174686408"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-7ee26756",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvNeo4jAdminTest.java",
"function": "assertionTestExportForAdminNeo4jImport"
},
"digest": {
"length": 2402.0,
"function_hash": "244393460228466981996718888100326073721"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Line",
"deprecated": false,
"id": "CVE-2022-37423-a6e8f463",
"target": {
"file": "core/src/main/java/apoc/export/cypher/FileManagerFactory.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"284662345890582089372386135217319570171",
"113824669618638504952341087792619506188",
"313806683262324251580842760140454431388",
"261608356011176130795650668556141204488",
"136582456877482559084096247834805314761",
"11227414508261032753621989040241055768",
"225969368299266433026821836628923531198",
"3878081010404131970889643486575588444",
"336334823674871894382652511056221182239",
"186716327821083619162745471674820741585",
"46109829643250293767935093993131961222",
"307541678797082824002828961815412251546",
"83950993992923441763391053825082848598",
"189346475336484568195813931669495386633",
"271595285520685645468279508123308805437",
"234764997931093088873118412385398709528",
"260143237686888565950990947720095530121",
"217811022040289295253453248133485417713",
"66349375993012222209714892676836352041",
"29988823933873619217294595905419781260",
"94413586600491177367734235736104816267",
"133671154246565507236464524385666791987",
"265493733627085005374110751078223953065",
"220877270505306627107740988597678259544"
]
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
},
{
"signature_type": "Function",
"deprecated": false,
"id": "CVE-2022-37423-ad475aeb",
"target": {
"file": "core/src/test/java/apoc/export/csv/ExportCsvNeo4jAdminTest.java",
"function": "testCypherExportCsvForAdminNeo4jImportWithConfig"
},
"digest": {
"length": 98.0,
"function_hash": "268097619512059488976064743480721925179"
},
"signature_version": "v1",
"source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/194ca2aa877d67fc699c828ddde97d56ec414eb7"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-37423.json"