exploitDog

CVE-2021-23463

Published: 22 Oct 2021
Source: redhat
CVSS3: 6.8
EPSS: Low

Description

The package com.h2database:h2 from 1.4.198 and before 2.0.202 is vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from the org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class, it will trigger the vulnerability.

A flaw was found in the h2database. This flaw allows an attacker to benefit from XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object. A user may trigger the vulnerability by sending malicious data.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat build of Apicurio Registry 2 | com.h2database.h2 | Affected | | 
Red Hat build of Quarkus | com.h2database.h2 | Affected | | 
Red Hat Fuse 7 | com.h2database.h2 | Not affected | | 
Red Hat Integration Service Registry | com.h2database.h2 | Out of support scope | | 

Additional information

Status: Important
Weakness: CWE-611
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2033392 (h2database: XXE injection vulnerability)

EPSS: 0.00376 (percentile: 59%, Low)

CVSS3: 6.8 Medium

Related vulnerabilities

CVSS3: 8.1
ubuntu
about 4 years ago

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

CVSS3: 8.1
nvd
about 4 years ago

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.

CVSS3: 8.1
debian
about 4 years ago

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...

CVSS3: 8.1
github
about 4 years ago

Improper Restriction of XML External Entity Reference in com.h2database:h2.

CVSS3: 8.1
fstec
about 4 years ago

Vulnerability in the com.h2database:h2 package of the H2 database management system, allowing an attacker to carry out XXE attacks
