[jira] [Updated] (TINKERPOP-2880) Deserialization of Untrusted Data in Neo4j

Jim Foscue (Jira) Tue, 28 Feb 2023 18:03:05 -0800


     [ 
https://issues.apache.org/jira/browse/TINKERPOP-2880?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jim Foscue updated TINKERPOP-2880:
----------------------------------
    Description: 
Vulnerability in neo4j-3.4.11.

Need to update to 3.5 or higher.

[https://github.com/advisories/GHSA-pc4w-8v5j-29w9]

 

Package path...
 * /opt/gremlin-server/ext/neo4j-gremlin/lib/neo4j-3.4.11.jar
 * /opt/gremlin-server/ext/neo4j-gremlin/plugin/neo4j-3.4.11.jar
 * /root/.groovy/grapes/org.neo4j/neo4j/jars/neo4j-3.4.11.jar

  was:
Vulnerability in neo4j-3.4.11.

Need to update to 3.5 or higher.

 

https://github.com/advisories/GHSA-pc4w-8v5j-29w9


> Deserialization of Untrusted Data in Neo4j
> ------------------------------------------
>
>                 Key: TINKERPOP-2880
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2880
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: neo4j
>    Affects Versions: 3.6.2
>            Reporter: Jim Foscue
>            Priority: Major
>              Labels: Ironbank
>
> Vulnerability in neo4j-3.4.11.
> Need to update to 3.5 or higher.
> [https://github.com/advisories/GHSA-pc4w-8v5j-29w9]
>  
> Package path...
>  * /opt/gremlin-server/ext/neo4j-gremlin/lib/neo4j-3.4.11.jar
>  * /opt/gremlin-server/ext/neo4j-gremlin/plugin/neo4j-3.4.11.jar
>  * /root/.groovy/grapes/org.neo4j/neo4j/jars/neo4j-3.4.11.jar



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (TINKERPOP-2880) Deserialization of Untrusted Data in Neo4j

Reply via email to