Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03OGY5LTc0NWYtMjc4cM4AAt9m

Neo4j Graph apoc plugins Partial Path Traversal Vulnerability

Impact

A partial Directory Traversal Vulnerability found in apoc.log.stream function of apoc plugins in Neo4j Graph database.
This issue allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example, userControlled.getCanonicalPath().startsWith("/usr/out") will allow an attacker to access a directory with a name like /usr/outnot.

Patches

The users should aim to use the latest released version compatible with their Neo4j version. The minimum versions containing patch for this vulnerability are 4.4.0.8 and 4.3.0.7

Workarounds

If you cannot upgrade the library, you can control the allowlist of the functions that can be used in your system

For more information

If you have any questions or comments about this advisory:

Open an issue in neo4j-apoc-procedures
Email us at [email protected]

Credits

We want to publicly recognise the contribution of Jonathan Leitschuh for reporting this issue.

Permalink: https://github.com/advisories/GHSA-78f9-745f-278p
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03OGY5LTc0NWYtMjc4cM4AAt9m
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago

Identifiers: GHSA-78f9-745f-278p, CVE-2022-37423
References:

Repository: https://github.com/neo4j-contrib/neo4j-apoc-procedures
Blast Radius: 0.0

Affected Packages

maven:org.neo4j.procedure:apoc

Dependent packages: 8
Dependent repositories: 44
Downloads:
Affected Version Ranges: < 4.3.0.7, >= 4.4.0.0, < 4.4.0.8
Fixed in: 4.3.0.7, 4.4.0.8
All affected versions: 1.0.0, 1.1.0
All unaffected versions: