Description
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.
Affected Software
Related
{"id": "CVE-2021-23463", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-23463", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "published": "2021-12-10T20:15:00", "modified": "2022-04-28T14:53:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.2}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23463", "reporter": "report@snyk.io", "references": ["https://github.com/h2database/h2database/issues/3195", "https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238", "https://github.com/h2database/h2database/pull/3199", "https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3", "https://www.oracle.com/security-alerts/cpuapr2022.html"], "cvelist": ["CVE-2021-23463"], "immutableFields": [], "lastseen": "2022-04-28T17:48:21", "viewCount": 39, "enchantments": {"dependencies": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-23463"]}, {"type": "github", "idList": ["GHSA-7RPJ-HG47-CX62"]}, {"type": "githubexploit", "idList": ["084C8D8C-4B14-526B-9A5E-977BD4F2FBE4"]}, {"type": "osv", "idList": ["OSV:GHSA-7RPJ-HG47-CX62"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-23463"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-23463"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "twitter": {"counter": 2, "modified": "2021-12-11T08:36:22", "tweets": [{"author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg", "link": "https://twitter.com/WolfgangSesin/status/1470837276552966150", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2021-23463 (h2)) has been published on https://t.co/gumv3vA8j9"}, {"author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg", "link": "https://twitter.com/WolfgangSesin/status/1470837276552966150", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2021-23463 (h2)) has been published on https://t.co/gumv3vA8j9"}]}, "backreferences": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-23463"]}, {"type": "github", "idList": ["GHSA-7RPJ-HG47-CX62"]}, {"type": "githubexploit", "idList": ["084C8D8C-4B14-526B-9A5E-977BD4F2FBE4"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-23463"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-23463"]}]}, "exploitation": null, "vulnersScore": 5.2}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": "Snyk", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "score": 8.1}}}, "cpe": [], "cpe23": [], "cwe": ["CWE-611"], "affectedSoftware": [{"cpeName": "h2database:h2", "version": "2.0.202", "operator": "lt", "name": "h2database h2"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:h2database:h2:2.0.202:*:*:*:*:*:*:*", "versionStartIncluding": "1.4.198", "versionEndExcluding": "2.0.202", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://github.com/h2database/h2database/issues/3195", "name": "N/A", "refsource": "CONFIRM", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://snyk.io/vuln/SNYK-JAVA-COMH2DATABASE-1769238", "name": "N/A", "refsource": "CONFIRM", "tags": ["Exploit", "Patch", "Third Party Advisory"]}, {"url": "https://github.com/h2database/h2database/pull/3199", "name": "N/A", "refsource": "CONFIRM", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://github.com/h2database/h2database/commit/d83285fd2e48fb075780ee95badee6f5a15ea7f8%23diff-008c2e4462609982199cd83e7cf6f1d6b41296b516783f6752c44b9f15dc7bc3", "name": "N/A", "refsource": "CONFIRM", "tags": ["Broken Link"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": ["Not Applicable"]}]}
{"veracode": [{"lastseen": "2022-06-29T08:13:02", "description": "h2 is vulnerable to XML external entity injection. The vulnerability exists due to the `getSource` method executed within the `DOMSource.class` input parameter when passing string data into the `org.h2.jdbc.JdbcSQLXML` class, allowing an attacker to cause an application crash or access sensitive data.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-13T03:56:39", "type": "veracode", "title": "XML External Entity (XXE) Injection ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-04-28T17:10:14", "id": "VERACODE:33287", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33287/summary", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-06-13T22:59:46", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-16T16:53:25", "type": "redhatcve", "title": "CVE-2021-23463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-06-13T21:59:00", "id": "RH:CVE-2021-23463", "href": "https://access.redhat.com/security/cve/cve-2021-23463", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-01-22T11:27:57", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are\nvulnerable to XML External Entity (XXE) Injection via the\norg.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data\nfrom org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the\ngetSource() method when the parameter is DOMSource.class it will trigger\nthe vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-10T00:00:00", "type": "ubuntucve", "title": "CVE-2021-23463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2021-12-10T00:00:00", "id": "UB:CVE-2021-23463", "href": "https://ubuntu.com/security/CVE-2021-23463", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "osv": [{"lastseen": "2022-06-10T04:59:59", "description": "H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-16T14:29:57", "type": "osv", "title": "Improper Restriction of XML External Entity Reference in com.h2database:h2.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-06-10T02:15:41", "id": "OSV:GHSA-7RPJ-HG47-CX62", "href": "https://osv.dev/vulnerability/GHSA-7rpj-hg47-cx62", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "github": [{"lastseen": "2022-04-22T16:42:21", "description": "H2 is an embeddable RDBMS written in Java. The package com.h2database:h2 from 0 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-16T14:29:57", "type": "github", "title": "Improper Restriction of XML External Entity Reference in com.h2database:h2.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2022-04-22T15:39:59", "id": "GHSA-7RPJ-HG47-CX62", "href": "https://github.com/advisories/GHSA-7rpj-hg47-cx62", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-07-04T05:59:28", "description": "The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-12-10T20:15:00", "type": "debiancve", "title": "CVE-2021-23463", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463"], "modified": "2021-12-10T20:15:00", "id": "DEBIANCVE:CVE-2021-23463", "href": "https://security-tracker.debian.org/tracker/CVE-2021-23463", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "githubexploit": [{"lastseen": "2022-03-28T14:15:09", "description": "# jdbc-sqlxml-xxe\n- h2-jdbc (CVE-2021-234...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-10-22T07:14:25", "type": "githubexploit", "title": "Exploit for Vulnerability in Oracle Mysql Connectors", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.9, "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-23463", "CVE-2021-2471"], "modified": "2022-03-28T13:42:13", "id": "084C8D8C-4B14-526B-9A5E-977BD4F2FBE4", "href": "", "cvss": {"score": 7.9, "vector": "AV:N/AC:M/Au:S/C:C/I:N/A:C"}, "privateArea": 1}]}
CVE-2021-23463
