CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000820

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile8.57th
PublishedDec 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c.

Affected Platforms (CPE)

πŸ“¦
Neo4j

Awesome Procedures On Cyper

All versions

References & Advisories

πŸ”— https://0dd.zone/2018/10/27/neo4f-apoc-procedures-XXE/
πŸ”— https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931
πŸ”— https://0dd.zone/2018/10/27/neo4f-apoc-procedures-XXE/
πŸ”— https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931

Related Vulnerabilities

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...

CVE-2018-026810.0

A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenti...

CVE-2018-022210.0

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an...

CVE-2018-2126810.0

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. Thi...