CVE-2021-34371.jar
CVE-2021-34371jar CVE-2021-34371jar from githubcom/vulhub/vulhub/tree/master/neo4j/CVE-2021-34371/rhino_gadget USE EXP
Neo4j up to and including 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
neo4j neo4j |