cancel
Showing results for 
Search instead for 
Did you mean: 

Neo4j community vulnerability

brijesh
Node

The latest neo4j 4.4.11-community image has 2 High vulnerability

CVE-2022-25857

CVE-2022-40149

 

  1. Snakeyaml v1.26 --> fix version : 1.31

/var/lib/neo4j/labs/apoc-4.4.0.8-core.jar

 

  1. Jettison v1.4.1 --> fix version: 1.5.1

/var/lib/neo4j/lib/jettison-1.4.1.jar

DoS attack

Can you make sure these vulnerability are resolved in next release

 

1 REPLY 1

TrevorS
Community Team
Community Team

Thank you for your post,
Could you please create a ticket with https://neo4j-aura.canny.io/ so that our engineers can test this as well?
Thank you,

TrevorS
Community Specialist