Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data org.neo4j:neo4j is a Neo4j is a graph database management system developed by Neo4j, Inc. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through `setSessionVariable`. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains. How to fix Deserialization of Untrusted Data? Upgrade `org.neo4j:neo4j` to version 3.5.0 or higher.	[,3.5.0)

Deserialization of Untrusted Data

org.neo4j:neo4j is a Neo4j is a graph database management system developed by Neo4j, Inc.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

How to fix Deserialization of Untrusted Data?

Upgrade org.neo4j:neo4j to version 3.5.0 or higher.

[,3.5.0)

Go back to all versions of this package