CVE-2024-34517 Cypher

Information

Neo4j versions up to 5.18 mishandle immutable privileges under certain conditions that require the attacker to have legitimate admin privileges. While not critical, it is recommend that existing 5.18 installations are upgraded to version 5.19.

Links

• CVE: https://www.cve.org/CVERecord?id=CVE-2024-34517
• Changelog: https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher
• Release notes: https://neo4j.com/release-notes/database/neo4j-5/
• GitHub Advisory: https://github.com/advisories/GHSA-p343-9qwp-pqxv