Vulnerability Information
Vulnerability Title
mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
Vulnerability Description
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in version 0.6.0.
CVSS Information
N/A
Vulnerability Type
Improper Access Control
Vulnerability Title
Neo4j MCP Clients & Servers Security Vulnerability
Vulnerability Description
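Neo4j MCP Clients & Servers is an open-source protocol from Neo4j Contrib for managing large language model context. Versions of Neo4j MCP Clients & Servers prior to 0.6.0 contain a security vulnerability that stems from the read-only mode being bypassable through APOC CALL procedures, which may lead to unauthorized write operations or server-side request forgery.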
CVSS Information
N/A
Vulnerability Type
N/A