漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
Vulnerability Description
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in version 0.6.0.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Neo4j MCP Clients & Servers 安全漏洞
Vulnerability Description
Neo4j MCP Clients & Servers是Neo4j Contrib开源的一个用于管理大语言模型上下文的协议。 Neo4j MCP Clients & Servers 0.6.0之前版本存在安全漏洞,该漏洞源于只读模式可通过APOC CALL过程绕过,可能导致未授权的写入操作或服务器端请求伪造。
CVSS Information
N/A
Vulnerability Type
N/A