Neo4j community vulnerability

brijesh · September 29, 2022, 11:46am

The latest neo4j 4.4.11-community image has 2 High vulnerability

CVE-2022-25857

CVE-2022-40149

/var/lib/neo4j/labs/apoc-4.4.0.8-core.jar

/var/lib/neo4j/lib/jettison-1.4.1.jar

DoS attack

Can you make sure these vulnerability are resolved in next release

TrevorS · September 29, 2022, 6:38pm

Thank you for your post,
Could you please create a ticket with https://neo4j-aura.canny.io/ so that our engineers can test this as well?
Thank you,

Topic		Replies	Views
Vulnerabilities in latest docker image of neo4j 4.4.9 General migrated	1	95	July 20, 2022
Neo4j Verison 5.11.10 has Critical and High Vulnerabilitites Graph Algorithms/Graph Data Science	2	616	August 29, 2023
Known Issues/Bugs/Defects in Neo4j version 4.4.12 General migrated	0	116	October 31, 2022
Log4J CVE Mitigation for Neo4j Announcements security , sandbox , aura , cve	2	18149	December 18, 2021
How to fix neo4j log4j issues Operations security	3	1176	December 13, 2021