You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CVE-2022-23221 - High Severity Vulnerability
Vulnerable Library - h2-1.4.200.jar
H2 Database Engine
Library home page: https://h2database.com
Path to dependency file: /integ-test/build.gradle
Path to vulnerable library: /er/.gradle/caches/modules-2/files-2.1/com.h2database/h2/1.4.200/f7533fe7cb8e99c87a43d325a77b4b678ad9031a/h2-1.4.200.jar
Dependency Hierarchy:
Found in HEAD commit: 1a2bfe2a9f9a3c0a91ff373481b34ed1b816283c
Found in base branch: main
Vulnerability Details
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
Publish Date: 2022-01-19
URL: CVE-2022-23221
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/h2database/h2database/releases/tag/version-2.1.210
Release Date: 2022-01-19
Fix Resolution: com.h2database:h2:2.1.210
The text was updated successfully, but these errors were encountered: