CVE-2021-42767
Description
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Risk Information
Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.716
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc 4.3.0.4 | Windows |
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc 3.5.17 | Windows |
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc 4.2.10 | Windows |
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc 4.4.0.1 | Windows |
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc for Linux 4.3.0.4 | Linux |
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc for Linux 3.5.17 | Linux |
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc for Linux 4.2.10 | Linux |
| Vulnerabilities CVE-2021-42767 are fixed in Neo4j-apoc for Linux 4.4.0.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234