漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient escaping of unicode characters in query log
Vulnerability Description
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01. Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337
CVSS Information
N/A
Vulnerability Type
日志输出的转义处理不恰当
Vulnerability Title
Neo4j 安全漏洞
Vulnerability Description
Neo4j是美国Neo4j公司的一款基于Java的且完全兼容ACID的图形数据库,它支持数据迁移、附加组件等。 Neo4j Enterprise和Neo4j Community 2026.01之前版本存在安全漏洞,该漏洞源于查询日志中Unicode字符转义不足,如果用户在将日志视为HTML的工具中打开日志,可能导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A