CVE-2022-37423

Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.

References

Affected packages

Git / github.com/neo4j-contrib/neo4j-apoc-procedures

Affected ranges

Type: GIT
Repo: https://github.com/neo4j-contrib/neo4j-apoc-procedures
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fe9f8c77269f5a742585c1d62324eb70755de510

Affected versions

1.*

1.0.0

1.0.0-RC1

1.1.0

3.*

3.0.4.1

3.1.0.1

3.1.0.2

3.1.0.3

3.1.0.4

3.1.2.5

3.1.3.6

3.2.0.3

3.2.0.4

3.3.0.1

3.3.0.2

3.4.0.1

3.4.0.2

3.4.0.3

3.5.0.0

3.5.0.1

3.5.0.2

3.5.0.3

3.5.0.4

4.*

4.0.0-rc01

4.0.0.0

4.0.0.1

4.0.0.2

4.0.0.3

4.0.0.4

4.0.0.5

4.1.0-rc01

4.1.0.0

4.2.0-rc01

4.3.0-rc01

4.3.0-rc03

4.3.0-rc2

4.3.0.0

4.3.0.1

4.3.0.2

4.3.0.3

4.3.0.4

4.3.0.5

4.3.0.6

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "176420830107276987779317781987932705188",
                "78859082374491867490390706653130511142",
                "239926614808937637975053146878462241440",
                "256493263415615386114010853425465358815",
                "265515131739961538040179784991520068298"
            ]
        },
        "source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/fe9f8c77269f5a742585c1d62324eb70755de510",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2022-37423-33c98da9",
        "target": {
            "file": "core/src/main/java/apoc/log/Neo4jLogStream.java"
        }
    },
    {
        "digest": {
            "function_hash": "220170889233233545029595684313256038608",
            "length": 1462.0
        },
        "source": "https://github.com/neo4j-contrib/neo4j-apoc-procedures/commit/fe9f8c77269f5a742585c1d62324eb70755de510",
        "deprecated": false,
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2022-37423-61de9353",
        "target": {
            "file": "core/src/main/java/apoc/log/Neo4jLogStream.java",
            "function": "stream"
        }
    }
]