CVE-2021-23463

by Fred · 10/12/2021

The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

Date published : 2021-12-10

https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3

https://github.com/h2database/h2database/issues/3195

CVE-2021-23463

Similar

Recent Posts

Categories

CVE-2021-23463

Share this:

Similar

Recent Posts

Categories

Tags