org.neo4j.procedure:apoc is vulnerable to path traversal. A remote attacker is able to retrieve and download files from outside the authorized directory and under some circumstances to also create files on the affected server resulting in path traversal vulnerability.
github.com/advisories/GHSA-4mpj-488r-vh6m
github.com/neo4j-contrib/neo4j-apoc-procedures/commit/6d556c7c0f1b0b20aa206a196951e1d3ddf66cfd
github.com/neo4j-contrib/neo4j-apoc-procedures/commit/b1b7a1d634d2e1e09e6751f0545d7e551f7f212b
github.com/neo4j-contrib/neo4j-apoc-procedures/commit/b583f7f8a0d56245b653c046dac039109130dda1
github.com/neo4j-contrib/neo4j-apoc-procedures/commit/c503036e7f7d44136565a7141d723c8f0166ac2b
github.com/neo4j-contrib/neo4j-apoc-procedures/issues/1911
github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m
neo4j.com