CVE-2023-23926

APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...

de.julielab:julielab-concept-creation-bioportal (>=1.2.0 <=1.3.1), de.julielab:julielab-concept-creation-famplex (>=1.2.0 <=1.3.1) +6 more potentially affected by CVE-2022-37423 via org.neo4j.procedure:apoc (>=4.4.0.16 <=4.4.0.2)

org.neo4j.procedure:apoc MAVEN version =4.4.0.16, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.3.1 - org.jqassistant.plugin:jqassistant-apoc-plugin =2.0.0 Source cves: CVE-2022-37423 Source advisory: OSV:GHSA-78F9-745F-278P...

Neo4j 路径遍历漏洞

Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, Inc. that supports data migration, add-ons, and more. A path traversal vulnerability exists in Neo4j Graph, which stems from a directory traversal vulnerability in the Apoc plugin in Neo4j Graph databases 4.0.0 through 4.3...