Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.neo4j/neo4j-shell@1.6.2

Type maven

Namespace org.neo4j

Name neo4j-shell

Version 1.6.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-p3zx-xt34-n3f1

vulnerability_id VCID-p3zx-xt34-n3f1

summary

Deserialization of Untrusted Data
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-34371

reference_id

reference_type

scores

value	0.68071
scoring_system	epss
scoring_elements	0.98613
published_at	2026-06-08T12:55:00Z

value	0.68071
scoring_system	epss
scoring_elements	0.98611
published_at	2026-06-09T12:55:00Z

value	0.68071
scoring_system	epss
scoring_elements	0.98614
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-34371

reference_url

https://github.com/neo4j/neo4j

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/neo4j/neo4j

reference_url

https://www.exploit-db.com/exploits/50170

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/50170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-34371

reference_id

CVE-2021-34371

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-34371

reference_url

https://github.com/advisories/GHSA-pc4w-8v5j-29w9

reference_id

GHSA-pc4w-8v5j-29w9

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pc4w-8v5j-29w9

fixed_packages

url	pkg:maven/org.neo4j/neo4j-shell@3.5.0
purl	pkg:maven/org.neo4j/neo4j-shell@3.5.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.neo4j/neo4j-shell@3.5.0

aliases CVE-2021-34371, GHSA-pc4w-8v5j-29w9

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3zx-xt34-n3f1

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.neo4j/neo4j-shell@1.6.2

Package Instance