[TINKERPOP-2880] Deserialization of Untrusted Data in Neo4j - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Not A Bug
Affects Version/s: 3.6.2
Fix Version/s: None
Component/s: neo4j
Labels:
- Ironbank

Flags:

Patch, Important

Description

Vulnerability in neo4j-3.4.11.

Need to update to 3.5 or higher.

https://github.com/advisories/GHSA-pc4w-8v5j-29w9

Package path...

/opt/gremlin-server/ext/neo4j-gremlin/lib/neo4j-3.4.11.jar
/opt/gremlin-server/ext/neo4j-gremlin/plugin/neo4j-3.4.11.jar
/root/.groovy/grapes/org.neo4j/neo4j/jars/neo4j-3.4.11.jar

Attachments

Issue Links

is cloned by

TINKERPOP-2881 Improper Authentication in Apache Shiro

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Jim Foscue

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Feb/23 20:02

Updated:: 24/Mar/23 19:26

Resolved:: 24/Mar/23 19:26