CVE-2022-37423
unknown
CVSS v3: —
VIR risk: —
Description
Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.neo4j.procedure:apoc | >=4.4.0.0,<4.4.0.8 | 4.4.0.8 |
| Maven | org.neo4j.procedure:apoc | <4.3.0.7 | 4.3.0.7 |
References
- https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-78f9-745f-278p
- https://nvd.nist.gov/vuln/detail/CVE-2022-37423
- https://github.com/neo4j-contrib/neo4j-apoc-procedures/pull/3080
- https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/d2f415c6f703bbc2cda4a753928821ff15d5c620
- https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/fe9f8c77269f5a742585c1d62324eb70755de510
- https://github.com/neo4j-contrib/neo4j-apoc-procedures
- https://neo4j.com/docs/aura/platform/apoc