Headline
GHSA-78f9-745f-278p: Neo4j Graph apoc plugins Partial Path Traversal Vulnerability
Impact
A partial Directory Traversal Vulnerability found in apoc.log.stream function of apoc plugins in Neo4j Graph database.
This issue allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example, userControlled.getCanonicalPath().startsWith("/usr/out") will allow an attacker to access a directory with a name like /usr/outnot.
Patches
The users should aim to use the latest released version compatible with their Neo4j version. The minimum versions containing patch for this vulnerability are 4.4.0.8 and 4.3.0.7
Workarounds
If you cannot upgrade the library, you can control the allowlist of the functions that can be used in your system
For more information
If you have any questions or comments about this advisory:
- Open an issue in neo4j-apoc-procedures
- Email us at [email protected]
Credits
We want to publicly recognise the contribution of Jonathan Leitschuh for reporting this issue.
Impact
A partial Directory Traversal Vulnerability found in apoc.log.stream function of apoc plugins in Neo4j Graph database.
This issue allows a malicious actor to potentially break out of the expected directory. The impact is limited to sibling directories. For example, userControlled.getCanonicalPath().startsWith(“/usr/out”) will allow an attacker to access a directory with a name like /usr/outnot.
Patches
The users should aim to use the latest released version compatible with their Neo4j version. The minimum versions containing patch for this vulnerability are 4.4.0.8 and 4.3.0.7
Workarounds
If you cannot upgrade the library, you can control the allowlist of the functions that can be used in your system
For more information
If you have any questions or comments about this advisory:
- Open an issue in neo4j-apoc-procedures
- Email us at [email protected]
Credits
We want to publicly recognise the contribution of Jonathan Leitschuh for reporting this issue.
References
- GHSA-78f9-745f-278p
- neo4j-contrib/neo4j-apoc-procedures#3080
- neo4j-contrib/neo4j-apoc-procedures@d2f415c
- neo4j-contrib/neo4j-apoc-procedures@fe9f8c7
Related news
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.