PT-2018-9544 · Neo4J Contrib · Neo4J-Apoc-Procedures

Prodigysml · Published 2018-12-20 · Updated 2023-01-23 · CVE-2018-1000820

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: neo4j-contrib neo4j-apoc-procedures, versions before commit 45bc09c

Description: The issue is an XML External Entity (XXE) vulnerability in the XML Parser. It can result in disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning.

Recommendations: For versions before commit 45bc09c, update to a version after commit 45bc09c to resolve the issue. As a temporary workaround, consider restricting the use of the XML Parser to minimize the risk of exploitation.
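As an added illustration of the recommended mitigation (not code from this advisory or from the APOC project), the following Java shows a default StAX factory next to one hardened against XXE; the loader, the sample documents and the entity path are constructed for this example.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public final class XmlLoaderHardening {
    // Constructed sample inputs for this example; the entity URI is a placeholder.
    static final String BENIGN = "<root><item>hello</item></root>";
    static final String WITH_DTD =
        "<!DOCTYPE r [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]><root>&ext;</root>";

    // Weak: a default XMLInputFactory keeps DTD processing and external entity
    // resolution enabled, so a declaration like the one above is honoured by the parser.
    static XMLInputFactory weakFactory() {
        return XMLInputFactory.newInstance();
    }

    // Hardened: turn off DTD processing and external entity support before any
    // untrusted document is parsed. Both properties are standard StAX constants.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory xif = XMLInputFactory.newInstance();
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return xif;
    }

    // Hypothetical loader: concatenates the character content of a document.
    static String loadText(XMLInputFactory xif, String xml) throws XMLStreamException {
        XMLStreamReader reader = xif.createXMLStreamReader(new StringReader(xml));
        StringBuilder text = new StringBuilder();
        try {
            while (reader.hasNext()) {
                if (reader.next() == XMLStreamConstants.CHARACTERS) {
                    text.append(reader.getText());
                }
            }
        } finally {
            reader.close();
        }
        return text.toString();
    }

    public static void main(String[] args) throws XMLStreamException {
        System.out.println("hardened, benign: " + loadText(hardenedFactory(), BENIGN));
        try {
            // With DTD support off the entity is never resolved: the parser either
            // rejects the reference or yields no character data for it.
            System.out.println("hardened, DTD-bearing: " + loadText(hardenedFactory(), WITH_DTD));
        } catch (XMLStreamException e) {
            System.out.println("hardened, DTD-bearing: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The same two properties apply to any StAX-based loader; for DOM or SAX parsers the equivalent is the `disallow-doctype-decl` and external-entity features on the corresponding factory.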

Weakness Enumeration: XXE

Related Identifiers: CVE-2018-1000820, GHSA-R2PP-X4MM-4999

Affected Products: Neo4J-Apoc-Procedures