{"api_version":"1","generated_at":"2026-04-18T07:54:50+00:00","cve":"CVE-2021-42767","urls":{"html":"https://cve.report/CVE-2021-42767","api":"https://cve.report/api/cve/CVE-2021-42767.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-42767","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-42767"},"summary":{"title":"CVE-2021-42767","description":"A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-03-01 02:15:00","updated_at":"2022-10-04 14:48:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m","name":"https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m","refsource":"MISC","tags":[],"title":"Path traversal in several apoc.* functions · Advisory · neo4j-contrib/neo4j-apoc-procedures · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://neo4j.com","name":"https://neo4j.com","refsource":"MISC","tags":[],"title":"Graph Data Platform | Graph Database Management System | Neo4j","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-42767","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42767","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"42767","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"neo4j","cpe5":"awesome_procedures","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"neo4j","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-42767","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://neo4j.com","refsource":"MISC","name":"https://neo4j.com"},{"refsource":"MISC","name":"https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m","url":"https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-4mpj-488r-vh6m"}]}},"nvd":{"publishedDate":"2022-03-01 02:15:00","lastModifiedDate":"2022-10-04 14:48:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:neo4j:awesome_procedures:*:*:*:*:*:neo4j:*:*","versionStartIncluding":"4.4.0.0","versionEndExcluding":"4.4.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:neo4j:awesome_procedures:*:*:*:*:*:neo4j:*:*","versionStartIncluding":"4.3.0.0","versionEndExcluding":"4.3.0.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:neo4j:awesome_procedures:*:*:*:*:*:neo4j:*:*","versionStartIncluding":"4.2.0.0","versionEndExcluding":"4.2.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:neo4j:awesome_procedures:*:*:*:*:*:neo4j:*:*","versionEndExcluding":"3.5.0.17","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"42767","Ordinal":"219274","Title":"CVE-2021-42767","CVE":"CVE-2021-42767","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"42767","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}