16 matches found
CVE-2022-37423
Neo4j APOC Awesome Procedures on Cypher before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream...
EUVD-2018-0819
Malware in sbrugna...
CVE-2023-23926
APOC Awesome Procedures on Cypher is an add-on library for Neo4j. An XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and 4.4.0.14 4.4 branch in Neo4j graph database. XML External Entity XXE injection occurs when the XML...
MAL-2025-3195 Malicious code in neo4j-apoc-procedures (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ae32122ca71a7a075fce5993dbcdceca009308664157c1655b4b3897e205f3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in neo4j-apoc-procedures (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ae32122ca71a7a075fce5993dbcdceca009308664157c1655b4b3897e205f3c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in neo4j-apoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446dfffd9d2f4e171ae7e9e3d88c997b8c9c9437d3f9c6b47174ad17ac40a651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3194 Malicious code in neo4j-apoc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 446dfffd9d2f4e171ae7e9e3d88c997b8c9c9437d3f9c6b47174ad17ac40a651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv3 (>=1.4.0 <=1.7.0-RC1), com.buschmais.jqassistant.neo4jserver:neo4jv3 (>=1.4.0 <=1.7.0-RC1) +10 more potentially affected by CVE-2023-23926 via org.neo4j.procedure:apoc (>=3.4.0.1 <=3.5.0.7)
org.neo4j.procedure:apoc MAVEN version =3.4.0.1, =1.4.0, =1.4.0, =1.4.0, =1.8.0, =1.10.0 - org.jqassistant.contrib.plugin:jqassistant-plantuml-rule-plugin =1.7.0 Source cves: CVE-2023-23926 Source advisory: OSV:GHSA-9VX8-F5C4-862X...
GHSA-9VX8-F5C4-862X XML External Entity (XXE) vulnerability in apoc.import.graphml
Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...
GHSA-6WXG-WH7F-RQPR XML External Entity (XXE) vulnerability in apoc.import.graphml
Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...
CVE-2022-23532 neo4j-apoc-procedures is vulnerable to path traversal
APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...
CVE-2022-23532 neo4j-apoc-procedures is vulnerable to path traversal
APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...
XML External Entity Injection (XXE)
neo4j-apoc-procedures is susceptible to XML external entity injection XXE. The vulnerability is caused due to the way XML parser processes XML input containing a reference to an external entity using a weak configuration...
GHSA-R2PP-X4MM-4999 XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity XXE vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c...
Xxe
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity XXE vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c...
PT-2018-9544 · Neo4J Contrib · Neo4J-Apoc-Procedures
Name of the Vulnerable Software and Affected Versions: neo4j-contrib neo4j-apoc-procedures versions before commit 45bc09c Description: The issue is related to a XML External Entity XXE vulnerability in the XML Parser. This can result in disclosure of confidential data, denial of service,...