Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
neo4j-contrib neo4j-apoc-procedures XML解析器安全漏洞
Vulnerability Description
neo4j-contrib neo4j-apoc-procedures是一款开源的用于neo4j的组件包。XML parser是其中的一个XML解析器。 neo4j-contrib neo4j-apoc-procedures commit 45bc09c之前版本中的XML解析器存在XML外部实体注入漏洞。攻击者可利用该漏洞泄露敏感数据,造成拒绝服务,实施服务器端请求伪造攻击或扫描端口。
CVSS Information
N/A
Vulnerability Type
N/A