CVE-2018-1000820

NONE EPSS 76.8%
Published Dec 20, 2018 7y ago
Last Modified Jun 17, 2026 2w ago

Description

neo4j-contrib neo4j-apoc-procedures versions before commit 45bc09c contain an XML External Entity (XXE) vulnerability in the XML parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This vulnerability appears to have been fixed after commit 45bc09c.

Threat Intelligence

EPSS Exploit Probability
76.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-611

Affected Products 1

Vendor | Product | Version | Range
neo4j | awesome_procedures_on_cyper | * | any

References 2

  • 0dd.zone https://0dd.zone/2018/10/27/neo4f-apoc-procedures-XXE/
    Third Party Advisory
  • github.com https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931
    Issue Tracking, Patch, Third Party Advisory

Remediation

  • github.com https://github.com/neo4j-contrib/neo4j-apoc-procedures/issues/931
    Issue Tracking, Patch, Third Party Advisory