exploitDog

CVE-2021-23463

Published: 10 Dec 2021
Source: debian
EPSS: Low

Description

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| h2database | not-affected | | | package |

Notes

  • https://github.com/h2database/h2database/issues/3195

  • https://github.com/h2database/h2database/pull/3199

  • Introduced in: https://github.com/h2database/h2database/commit/1cfd2ffad975b31de3f20711bab19a121bfad20c (version-1.4.198)

  • Fixed by: https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8 (version-2.0.202)

EPSS

Percentile: 59%
0.00376
Low

Related vulnerabilities

CVSS3: 8.1
ubuntu
about 4 years ago

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

CVSS3: 6.8
redhat
more than 4 years ago

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

CVSS3: 8.1
nvd
about 4 years ago

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

CVSS3: 8.1
github
about 4 years ago

Improper Restriction of XML External Entity Reference in com.h2database:h2.

CVSS3: 8.1
fstec
about 4 years ago

Vulnerability in the com.h2database:h2 package of the H2 database management system that allows an attacker to conduct XXE attacks
