Moderate severityNVD Advisory· Published May 7, 2024· Updated Jul 23, 2025
CVE-2024-34517
CVE-2024-34517
Description
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.neo4j:neo4j-cypherMaven | >= 5.0.0, < 5.19.0 | 5.19.0 |
Affected products
7- osv-coords6 versionspkg:apk/chainguard/neo4jpkg:apk/chainguard/neo4j-oci-entrypointpkg:apk/wolfi/neo4jpkg:apk/wolfi/neo4j-oci-entrypointpkg:bitnami/neo4jpkg:maven/org.neo4j/neo4j-cypher
< 5.20.0-r0+ 5 more
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: < 5.20.0-r0
- (no CPE)range: >= 5.0.0, < 5.20.0
- (no CPE)range: >= 5.0.0, < 5.19.0
- Neo4j/Neo4jv5Range: 5.0.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-p343-9qwp-pqxvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-34517ghsaADVISORY
- neo4j.com/security/cve-2024-34517ghsaWEB
- trust.neo4j.comghsaWEB
- neo4j.com/security/cve-2024-34517/mitre
News mentions
0No linked articles in our index yet.