Количество 6
Количество 6
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ...
GHSA-7rpj-hg47-cx62
Improper Restriction of XML External Entity Reference in com.h2database:h2.
BDU:2024-02259
Уязвимость пакета com.h2database:h2 системы управления базами данных H2, позволяющая нарушителю проводить XXE-атаки
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-23463 The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. | CVSS3: 8.1 | 0% Низкий | около 4 лет назад |
 | CVE-2021-23463 The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. | CVSS3: 6.8 | 0% Низкий | больше 4 лет назад |
 | CVE-2021-23463 The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability. | CVSS3: 8.1 | 0% Низкий | около 4 лет назад |
| CVE-2021-23463 The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vuln ... | CVSS3: 8.1 | 0% Низкий | около 4 лет назад |
| GHSA-7rpj-hg47-cx62 Improper Restriction of XML External Entity Reference in com.h2database:h2. | CVSS3: 8.1 | 0% Низкий | около 4 лет назад |
 | BDU:2024-02259 Уязвимость пакета com.h2database:h2 системы управления базами данных H2, позволяющая нарушителю проводить XXE-атаки | CVSS3: 8.1 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу