Headline
CVE-2021-42767: Neo4j Graph Data Platform – The Leader in Graph Databases
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.
Neo4j Graph Data Platform
Blazing-Fast Graph,
Petabyte Scale
With proven trillion+ entity performance, developers, data scientists, and enterprises rely on Neo4j as the top choice for high-performance, scalable analytics, intelligent app development, and advanced AI/ML pipelines.
The Graph Technology Leader
Uncompromised Performance, Reliability, and Integrity
The creator and leader of the graph database category, Neo4j continues to expand the limits of graph technology, helping empower the largest active community of 220,000 developers, data scientists, and architects who are working to solve the world’s most complex and valuable data problems.
MACHINE LEARNING INNOVATION
Revealing Richer Context to Drive Deeper Insights
Analysts and data scientists can incorporate network structures to infer meaning, increase ML accuracy, and drive contextual AI – making better predictions with the data they already have.
Neo4j is fueled by our vast, production-ready algorithm library and advanced, groundbreaking machine learning workflows not found anywhere else.
Learn about Graph Data Science
Battle-tested for performance
The Most Trusted. The Most Secure. The Most Deployed.
Neo4j is the only enterprise-strength graph database that combines native graph storage, advanced security, scalable speed-optimized architecture, and ACID compliance to ensure predictability and integrity of relationship-based queries. That’s why it’s deployed by hundreds of Fortune 500 companies, government agencies, and NGOs.
NEO4J AS A SERVICE
Neo4j Aura: The Fully
Managed Cloud Service
Neo4j Aura is a fast, scalable, always on and fully automated graph platform, offered as a cloud service. Aura lets you focus on your core innovation rather than spending time managing infrastructure.
Neo4j Aura includes AuraDB, the graph database as a service for developers building intelligent applications and AuraDS, the graph data science as a service for data scientists building predictive models and analytics workflows.
Learn more
Fully automated provisioning, upgrades and backups
Always-on, Secure, Reliable and ACID compliant
Scalable, on-demand without interruption
Simple Consumption-Based pricing
Cypher: The graph Query Language
No More Complex Joins
Cypher is a powerful, intuitive, graph-optimized query language that understands, and takes advantage of, data connections. It’s user-friendly, easy to learn, and follows connections – in any direction – to reveal previously unknown relationships and clusters.
When trying to find patterns or insights within data, Cypher queries are much simpler and easier to write than massive SQL joins. Since Neo4j doesn’t have tables, there are no joins to worry about. Compare the Cypher query at the left with its equivalent in SQL.
Learn more about Cypher
Cypher
MATCH (p:Product)-[:CATEGORY]->(l:ProductCategory)-[:PARENT*0..]->(:ProductCategory {name:"Dairy Products"})
RETURN p.name
SQL
SELECT p.ProductName
FROM Product AS p
JOIN ProductCategory pc ON (p.CategoryID = pc.CategoryID AND pc.CategoryName = "Dairy Products")
JOIN ProductCategory pc1 ON (p.CategoryID = pc1.CategoryID)
JOIN ProductCategory pc2 ON (pc1.ParentID = pc2.CategoryID AND pc2.CategoryName = "Dairy Products")
JOIN ProductCategory pc3 ON (p.CategoryID = pc3.CategoryID)
JOIN ProductCategory pc4 ON (pc3.ParentID = pc4.CategoryID)
JOIN ProductCategory pc5 ON (pc4.ParentID = pc5.CategoryID AND pc5.CategoryName = "Dairy Products");
Use Your Favorite Programming Languages
We aim to make the Neo4j experience fast, natural, and fun for developers. Neo4j supports GraphQL and drivers for .Net, Java, Node.js, Python, and more. Our community of contributors provide many more drivers, including PHP, Ruby, R, Erlang, and Clojure.
Learn more about Drivers
NodeJS
Python
Go
.NET
Java
// npm install --save neo4j-driver // node example.js const neo4j = require(“neo4j-driver”); const driver = neo4j.driver("bolt://<HOST>:<BOLTPORT>", neo4j.auth.basic("<USERNAME>", “<PASSWORD>”), { /* encrypted: ‘ENCRYPTION_OFF’ */ });
const query =
MATCH (p:Product)-[:PART_OF]->(:Category)-[:PARENT*0..]-> (:Category {categoryName:$category}) RETURN p.productName as product
;const params = { category: “Dairy Products” };
const session = driver.session({ database: “neo4j” });
session .run(query, params) .then((result) => { result.records.forEach((record) => { console.log(record.get(“product”)); }); session.close(); driver.close(); }) .catch((error) => { console.error(error); });
# pip3 install neo4j-driver
# python3 example.py
from neo4j import GraphDatabase, basic_auth
driver = GraphDatabase.driver(
"bolt://<HOST>:<BOLTPORT>",
auth=basic_auth("<USERNAME>", "<PASSWORD>"))
cypher_query = '''
MATCH (p:Product)-[:PART_OF]->(:Category)-[:PARENT*0..]->
(:Category {categoryName:$category})
RETURN p.productName as product
'''
with driver.session(database="neo4j") as session:
results = session.read_transaction(
lambda tx: tx.run(cypher_query,
category="Dairy Products").data())
for record in results:
print(record['product'])
driver.close()
// go mod init main
// go run example.go
package main
import (
"fmt"
"github.com/neo4j/neo4j-go-driver/neo4j" //Go 1.8
)
func main() {
s, err := runQuery("bolt://<HOST>:<BOLTPORT>", "<USERNAME>", "<PASSWORD>")
if err != nil {
panic(err)
}
fmt.Println(s)
}
func runQuery(uri, username, password string) ([]string, error) {
configForNeo4j4 := func(conf *neo4j.Config) { conf.Encrypted = false }
driver, err := neo4j.NewDriver(uri, neo4j.BasicAuth(username, password, ""), configForNeo4j4)
if err != nil {
return nil, err
}
defer driver.Close()
sessionConfig := neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead, DatabaseName: "neo4j"}
session, err := driver.NewSession(sessionConfig)
if err != nil {
return nil, err
}
defer session.Close()
results, err := session.ReadTransaction(func(transaction neo4j.Transaction) (interface{}, error) {
result, err := transaction.Run(
`
MATCH (p:Product)-[:PART_OF]->(:Category)-[:PARENT*0..]->
(:Category {categoryName:$category})
RETURN p.productName as product
`, map[string]interface{}{
"category": "Dairy Products",
})
if err != nil {
return nil, err
}
var arr []string
for result.Next() {
value, found := result.Record().Get("product")
if found {
arr = append(arr, value.(string))
}
}
if err = result.Err(); err != nil {
return nil, err
}
return arr, nil
})
if err != nil {
return nil, err
}
return results.([]string), err
}
// install dotnet core on your system
// dotnet new console -o .
// dotnet add package Neo4j.Driver
// paste in this code into Program.cs
// dotnet run
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading.Tasks;
using Neo4j.Driver;
namespace dotnet {
class Example {
static async Task Main() {
var driver = GraphDatabase.Driver("bolt://<HOST>:<BOLTPORT>",
AuthTokens.Basic("<USERNAME>", "<PASSWORD>"));
var cypherQuery =
@"
MATCH (p:Product)-[:PART_OF]->(:Category)-[:PARENT*0..]->
(:Category {categoryName:$category})
RETURN p.productName as product
";
var session = driver.AsyncSession(o => o.WithDatabase("neo4j"));
var result = await session.ReadTransactionAsync(async tx => {
var r = await tx.RunAsync(cypherQuery,
new { category="Dairy Products"});
return await r.ToListAsync();
});
await session?.CloseAsync();
foreach (var row in result)
Console.WriteLine(row["product"].As<string>());
}
}
}
// Add your the driver dependency to your pom.xml build.gradle etc.
// Java Driver Dependency: http://search.maven.org/#artifactdetails|org.neo4j.driver|neo4j-java-driver|4.0.1|jar
// Reactive Streams http://search.maven.org/#artifactdetails|org.reactivestreams|reactive-streams|1.0.3|jar
// download jars into current directory
// java -cp "*" Example.java
import org.neo4j.driver.*;
import static org.neo4j.driver.Values.parameters;
public class Example {
public static void main(String...args) {
Driver driver = GraphDatabase.driver("bolt://<HOST>:<BOLTPORT>",
AuthTokens.basic("<USERNAME>","<PASSWORD>"));
try (Session session = driver.session(SessionConfig.forDatabase("neo4j"))) {
String cypherQuery =
"MATCH (p:Product)-[:PART_OF]->(:Category)-[:PARENT*0..]->" +
"(:Category {categoryName:$category})" +
"RETURN p.productName as product";
var result = session.readTransaction(
tx -> tx.run(cypherQuery,
parameters("category","Dairy Products"))
.list());
for (Record record : result) {
System.out.println(record.get("product").asString());
}
}
driver.close();
}
}
Helpful Tools for Modern App & Web Development
Neo4j provides an array of tools, libraries, and frameworks to make development faster and easier. Developer tools like Neo4j Desktop, Browser, and Sandbox make it simple to learn and develop graph apps.
The new Neo4j GraphQL Library translates GraphQL queries into Cypher, making it easier for GraphQL users to use Neo4j. It also streamlines integration of Neo4j with React, Vue, and other open source frameworks.
GraphQL Library
For API driven modern applications
Learn More
Neo4j Browser
For accessing your database anywhere
Get Started
Ready to get started with Neo4j?
Get started for free with AuraDB