{"id":"CVE-2022-37423","details":"Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.","aliases":["GHSA-78f9-745f-278p"],"modified":"2026-04-09T08:56:43.795145Z","published":"2022-08-12T15:15:16.177Z","related":["GHSA-78f9-745f-278p"],"references":[{"type":"ADVISORY","url":"https://neo4j.com/docs/aura/platform/apoc/"},{"type":"EVIDENCE","url":"https://github.com/neo4j-contrib/neo4j-apoc-procedures/security/advisories/GHSA-78f9-745f-278p"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/neo4j-contrib/neo4j-apoc-procedures","events":[{"introduced":"0"},{"fixed":"fe9f8c77269f5a742585c1d62324eb70755de510"},{"introduced":"1e6de8e88876b526f84b677e4e6859f6f5b27c95"},{"fixed":"194ca2aa877d67fc699c828ddde97d56ec414eb7"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.3.0.7"},{"introduced":"4.4.0.0"},{"fixed":"4.4.0.8"}]}}],"versions":["1.0.0","1.0.0-RC1","1.1.0","3.0.4.1","3.1.0.1","3.1.0.2","3.1.0.3","3.1.0.4","3.1.2.5","3.1.3.6","3.2.0.3","3.2.0.4","3.3.0.1","3.3.0.2","3.4.0.1","3.4.0.2","3.4.0.3","3.5.0.0","3.5.0.1","3.5.0.2","3.5.0.3","3.5.0.4","4.0.0-rc01","4.0.0.0","4.0.0.1","4.0.0.2","4.0.0.3","4.0.0.4","4.0.0.5","4.1.0-rc01","4.1.0.0","4.2.0-rc01","4.3.0-rc01","4.3.0-rc03","4.3.0-rc2","4.3.0.0","4.3.0.1","4.3.0.2","4.3.0.3","4.3.0.4","4.3.0.5","4.3.0.6","4.4.0.0","4.4.0.1","4.4.0.2","4.4.0.3","4.4.0.4","4.4.0.5","4.4.0.6","4.4.0.7"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-37423.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}