GHSA-45hx-wfhj-473x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-45hx-wfhj-473x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-45hx-wfhj-473x/GHSA-45hx-wfhj-473x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-45hx-wfhj-473x
- Aliases
- Published
- 2022-01-21T23:07:39Z
- Modified
- 2024-02-16T08:14:35.882108Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Arbitrary code execution in H2 Console
- Details
-
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-88" ], "github_reviewed_at": "2022-01-20T16:13:20Z", "nvd_published_at": "2022-01-19T17:15:00Z", "severity": "CRITICAL" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-23221
- https://github.com/h2database/h2database
- https://github.com/h2database/h2database/releases/tag/version-2.1.210
- https://github.com/h2database/h2database/security/advisories
- https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html
- https://security.netapp.com/advisory/ntap-20230818-0011
- https://twitter.com/d0nkey_man/status/1483824727936450564
- https://www.debian.org/security/2022/dsa-5076
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2022/Jan/39
Affected packages
Maven / com.h2database:h2
Package
- Name
- com.h2database:h2
- View open source insights on deps.dev
- Purl
- pkg:maven/com.h2database/h2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.1.210
Affected versions
1.*
1.0.57
1.0.58
1.0.59
1.0.60
1.0.61
1.0.62
1.0.63
1.0.64
1.0.65
1.0.66
1.0.67
1.0.68
1.0.69
1.0.70
1.0.71
1.0.72
1.0.73
1.0.74
1.0.75
1.0.76
1.0.77
1.0.78
1.0.79
1.0.20061217
1.0.20070304
1.0.20070429
1.0.20070617
1.1.100
1.1.101
1.1.102
1.1.103
1.1.104
1.1.105
1.1.106
1.1.107
1.1.108
1.1.109
1.1.110
1.1.111
1.1.112
1.1.113
1.1.114
1.1.115
1.1.116
1.1.117
1.1.118
1.1.119
1.2.120
1.2.121
1.2.122
1.2.123
1.2.124
1.2.125
1.2.126
1.2.127
1.2.128
1.2.129
1.2.130
1.2.131
1.2.132
1.2.133
1.2.134
1.2.135
1.2.136
1.2.137
1.2.138
1.2.139
1.2.140
1.2.141
1.2.142
1.2.143
1.2.144
1.2.145
1.2.147
1.3.146
1.3.148
1.3.149
1.3.150
1.3.151
1.3.152
1.3.153
1.3.154
1.3.155
1.3.156
1.3.157
1.3.158
1.3.159
1.3.160
1.3.161
1.3.162
1.3.163
1.3.164
1.3.165
1.3.166
1.3.167
1.3.168
1.3.169
1.3.170
1.3.171
1.3.172
1.3.173
1.3.174
1.3.175
1.3.176
1.4.177
1.4.178
1.4.179
1.4.180
1.4.181
1.4.182
1.4.183
1.4.184
1.4.185
1.4.186
1.4.187
1.4.188
1.4.189
1.4.190
1.4.191
1.4.192
1.4.193
1.4.194
1.4.195
1.4.196
1.4.197
1.4.198
1.4.199
1.4.200
2.*
2.0.202
2.0.204
2.0.206