Vulnerability	Vulnerable Version
H Improper Neutralization of Special Elements in Data Query Logic graphiti-core is an A temporal graph building library Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the `SearchFilters.node_labels` process. An attacker can execute arbitrary Cypher queries within the privileges of the connected graph database by supplying crafted label values that are concatenated into Cypher label expressions without validation. This can lead to unauthorized reading, modification, or deletion of graph data, and bypassing logical group isolation enforced at the query layer. This is only exploitable if untrusted input is passed to `SearchFilters.node_labels` or if an LLM client is induced to call `search_nodes` with attacker-controlled `entity_types` values. How to fix Improper Neutralization of Special Elements in Data Query Logic? Upgrade `graphiti-core` to version 0.28.2 or higher.	[,0.28.2)

Improper Neutralization of Special Elements in Data Query Logic

graphiti-core is an A temporal graph building library

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the SearchFilters.node_labels process. An attacker can execute arbitrary Cypher queries within the privileges of the connected graph database by supplying crafted label values that are concatenated into Cypher label expressions without validation. This can lead to unauthorized reading, modification, or deletion of graph data, and bypassing logical group isolation enforced at the query layer. This is only exploitable if untrusted input is passed to SearchFilters.node_labels or if an LLM client is induced to call search_nodes with attacker-controlled entity_types values.

How to fix Improper Neutralization of Special Elements in Data Query Logic?

Upgrade graphiti-core to version 0.28.2 or higher.

[,0.28.2)

Go back to all versions of this package