The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.
https://github.com/advisories/GHSA-p343-9qwp-pqxv
https://neo4j.com/security/cve-2024-34517/
https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher