CVE-2021-42767
CRITICAL
Neo4J Graph Database < 4.4.0.1 - Path Traversal and Arbitrary File Write via APOC Plugins
Title source: llm
Description
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
https://neo4j.com
Third Party Advisory x_refsource_misc
https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m
Scores
CVSS v3
9.1
EPSS
0.0147
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (2)
neo4j/awesome_procedures
< 3.5.0.17
org.neo4j.procedure/apoc
0 - 3.5.17
Maven
Published
Mar 01, 2022
Tracked Since
Feb 18, 2026