CVE-2024-34517 Cypher

Information

Neo4j versions from 5.0.0 up to 5.18 mishandle immutable privileges under certain conditions that require the attacker to have legitimate admin privileges. While not critical, it is recommend that existing 5.18 installations are upgraded to version 5.19.

Links

• CVE: https://www.cve.org/CVERecord?id=CVE-2024-34517
• Changelog: https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher
• Release notes: https://neo4j.com/release-notes/database/neo4j-5/
• GitHub Advisory: https://github.com/advisories/GHSA-p343-9qwp-pqxv