CVE-2018-1000820
NONE EPSS 76.8%
Published Dec 20, 20187y ago · Modified Jun 17, 20262w ago
Published Dec 20, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c.
Threat Intelligence
EPSS Exploit Probability
76.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-611
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| neo4j | awesome_procedures_on_cyper | * | any |
References 2
- 0dd.zone https://0dd.zone/2018/10/27/neo4f-apoc-procedures-XXE/
- github.com https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931
Remediation
- github.com https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931