PT-2022-11681 · Neo4J · Neo4J Graph Database
Nicolai Grødum · Published 2022-02-01 · Updated 2022-10-04
CVE-2021-42767
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Neo4J Graph database versions 4.0.0 through 4.3.6
Neo4J Graph database versions prior to 3.5.17
Neo4J Graph database versions prior to 4.2.10
Neo4J Graph database versions prior to 4.3.0.4
Neo4J Graph database versions prior to 4.4.0.1
Description
A directory traversal vulnerability in the APOC plugin for the Neo4J Graph database allows an attacker to read local files, and in some cases to create local files, on the affected server. Using this flaw, the attacker can retrieve and download files located outside the configured directory.
Recommendations
For Neo4J Graph database version 3.5, update to version 3.5.17 or later.
For Neo4J Graph database version 4.2, update to version 4.2.10 or later.
For Neo4J Graph database version 4.3, update to version 4.3.0.4 or later.
For Neo4J Graph database version 4.4, update to version 4.4.0.1 or later.
As a temporary workaround, consider controlling the allowlist of the functions that can be used in your system by configuring the dbms.security.procedures.allowlist setting.
Exploit
Fix
Path traversal
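The workaround above can be illustrated with a neo4j.conf fragment. This is an added example and not configuration taken from the advisory or from Neo4J's own documentation; it assumes the Neo4J 4.x syntax for dbms.security.procedures.allowlist (a comma-separated list of procedure or function names, with * as a wildcard), and the procedure families listed in the hardened line (apoc.coll.*, apoc.text.*) are placeholders standing in for whichever APOC procedures an application actually needs.

```properties
# neo4j.conf (added example, not from the advisory)

# Weak setting: a bare wildcard loads every procedure and function shipped in
# the APOC plugin, including the file-access procedures the advisory concerns.
# dbms.security.procedures.allowlist=apoc.*

# Hardened setting: list only the procedure families the application uses.
# Anything not matched here (including file-access procedures) is not loaded.
# apoc.coll.* and apoc.text.* are placeholder examples; substitute your own.
dbms.security.procedures.allowlist=apoc.coll.*,apoc.text.*
```

After changing the setting, restart the database and confirm the effect with `SHOW PROCEDURES` (or `CALL dbms.procedures()` on older 4.x releases) to check that no unneeded APOC procedures are registered. This is a mitigation only; the recommended fix remains updating to a patched version listed in the Recommendations section.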
Weakness Enumeration
Related Identifiers
Affected Products
Neo4J Graph Database